Read all kinds of documentation but I can't understand at all how should I do this.
Granted these groups JIRA access by adding the groups to JIRA Users global permission" - what is that supposed to mean?!
It should be just that I pick a group and select project or project's this group can access. That's it. And then pick a user and assign the user to a group.
Right now ALL USERS get access to ALL projects in my system.
Using Atlassian cloud and I'm on the edge of cancelling the subscription. The most annoying permission management system
Default permission scheme has things like that:
"Create Issues" and and default is "Application Role (Any logged in user) " - so any new users instantly can manage new users? That is just stupid
Then this one: "Browse Projects - Ability to browse projects and the issues within them." The moment I add someone there, he can see everything again.
So, any ideas how to fix this?
Hi @Urmas Kungla
It sounds as though your system has already been amended in a way that is not appropriate for you. So here is a short guide to talk you through how to check your permissions and amend to a more appropriate set. (There are other configuration options but here we are focussing on those that impact the permission of a person to do a particular action in particular Administrate)
Starting with the global permissions this is what I use (slightly different to the default in that I let everyone manage filters not just those in developer group). <yourhost>/secure/admin/GlobalPermissions!default.jspa
A key check here is to make sure that JIRA Administrators has not been altered to include the Users or JIRA Users groups.
Next you need to look at each permission scheme in your system.
Here are some of the settings that I use for my default scheme. I change this to remove the reference in most instances to developer and replace with user, but that may not be appropriate to you.
You need to review all permissions and set according to your requirements and repeat for each permission scheme.
Next is to check the membership of the groups at <yourhost>/admin/groups
In particular check who are members of the Administrator Group.
Then you need to look at the user roles on each project.
and make sure that only users who should have administer permission are listed in the Administrator role, all users who should have access to the project are listed in the User role. You are likely to find that some of this is already covered by the user groups.
If you wish to restrict access to projects to certain users then remove the group users and simply list by name each user that should have access to the project. This can also be managed by anyone with project administration permission.
if I want to restrict the project to just myself.
One final check is to make sure that the settings for application access are correct at <yourhost>/admin/accessconfig
If Users or JIRA user groups have been added to JIRA administration this will give them the administrator permissions.
Hope this helps you return your system to a more stable situation.
I finally got what I wanted- I can change the project and set myself to see everything and new users I can assign to separate projects one by one.
I also understand that I have to remove everyone and every group from every project and then one by one add them again.
Also, it doesn't matter if I'm an administrator, I have to add myself into the group or user role in the project as well to be able to see it. Just being in administrator group as well gives me more permissions.
At least, when creating a new user, the user can't acces everything.
Thank you, for now, @Phill Fox
The other thing is that when I add a user than after creation the user gets an email with access instructions but I haven't even set up user's groups. It's like I have to work like a superhero in light speed to be able to restrict user access to everything that the user shouldn't see.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot