I'm burning up here- how to restrict a user or a group to 1 single project?

Hi!

Read all kinds of documentation but I can't understand at all how should I do this.

This manual: https://confluence.atlassian.com/display/JIRAKB/How+to+restrict+project+access+to+different+isolated+user+groups

Confusing.

Granted these groups JIRA access by adding the groups to JIRA Users global permission" - what is that supposed to mean?!

It should be just that I pick a group and select project or project's this group can access. That's it. And then pick a user and assign the user to a group.

Right now ALL USERS get access to ALL projects in my system.

 

Using Atlassian cloud and I'm on the edge of cancelling the subscription. The most annoying permission management system

Default permission scheme has things like that:

"Create Issues" and and default is "Application Role (Any logged in user) "  - so any new users instantly can manage new users? That is just stupid smile

 

Then this one: "Browse Projects - Ability to browse projects and the issues within them." The moment I add someone there, he can see everything again.

So, any ideas how to fix this? 

2 answers

Hi @Urmas Kungla

It sounds as though your system has already been amended in a way that is not appropriate for you. So here is a short guide to talk you through how to check your permissions and amend to a more appropriate set.  (There are other configuration options but here we are focussing on those that impact the permission of a person to do a particular action in particular Administrate)

Starting with the global permissions this is what I use (slightly different to the default in that I let everyone manage filters not just those in developer group). <yourhost>/secure/admin/GlobalPermissions!default.jspa

image2016-1-8 8:54:29.png

A key check here is to make sure that JIRA Administrators has not been altered to include the Users or JIRA Users groups.

Next you need to look at each permission scheme in your system.

Here are some of the settings that I use for my default scheme. I change this to remove the reference in most instances to developer and replace with user, but that may not be appropriate to you.

image2016-1-8 8:44:57.png

You need to review all permissions and set according to your requirements and repeat for each permission scheme.

Next is to check the membership of the groups at <yourhost>/admin/groups

In particular check who are members of the Administrator Group.

Then you need to look at the user roles on each project.

<yourhost>/plugins/servlet/project-config/<your project>/roles

and make sure that only users who should have administer permission are listed in the Administrator role, all users who should have access to the project are listed in the User role. You are likely to find that some of this is already covered by the user groups.

If you wish to restrict access to projects to certain users then remove the group users and simply list by name each user that should have access to the project. This can also be managed by anyone with project administration permission.

eg. 
image2016-1-8 9:4:19.png

becomes

image2016-1-8 9:5:42.png

if I want to restrict the project to just myself. 

One final check is to make sure that the settings for application access are correct at <yourhost>/admin/accessconfig

image2016-1-8 8:58:38.png

If Users or JIRA user groups have been added to JIRA administration this will give them the administrator permissions.

Hope this helps you return your system to a more stable situation.

Ok, thank you for your time putting together thid guide. I will look into it this weekend and get back to you with the results.

I finally got what I wanted- I can change the project and set myself to see everything and new users I can assign to separate projects one by one.

I also understand that I have to remove everyone and every group from every project and then one by one add them again. 

Also, it doesn't matter if I'm an administrator, I have to add myself into the group or user role in the project as well to be able to see it. Just being in administrator group as well gives me more permissions.

At least, when creating a new user, the user can't acces everything.

Thank you, for now, @Phill Fox

Glad to be able to help. If this solved your problem would you mind accepting the answer so that others who search in the future with similar issues have more chance of finding this.

The other thing is that when I add a user than after creation the user gets an email with access instructions but I haven't even set up user's groups. It's like I have to work like a superhero in light speed to be able to restrict user access to everything that the user shouldn't see.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in Jira

How to set up an incident workflow from the VP of Engineering at Sentry

Hey Atlassian community, I help lead engineering at Sentry, an open-source error-tracking and monitoring tool that integrates with Jira. We started using Jira Software Cloud internally last year, a...

1,095 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you