Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

I'm burning up here- how to restrict a user or a group to 1 single project?

UrmasK
UrmasK January 7, 2016

Hi!

Read all kinds of documentation but I can't understand at all how should I do this.

This manual: https://confluence.atlassian.com/display/JIRAKB/How+to+restrict+project+access+to+different+isolated+user+groups

Confusing.

Granted these groups JIRA access by adding the groups to JIRA Users global permission" - what is that supposed to mean?!

It should be just that I pick a group and select project or project's this group can access. That's it. And then pick a user and assign the user to a group.

Right now ALL USERS get access to ALL projects in my system.

 

Using Atlassian cloud and I'm on the edge of cancelling the subscription. The most annoying permission management system

Default permission scheme has things like that:

"Create Issues" and and default is "Application Role (Any logged in user) "  - so any new users instantly can manage new users? That is just stupid smile

 

Then this one: "Browse Projects - Ability to browse projects and the issues within them." The moment I add someone there, he can see everything again.

So, any ideas how to fix this? 

Answer
Watch
Like Phill Fox likes this
1039 views

2 answers

1 vote
Phill Fox
Phill Fox
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 7, 2016

Hi @Urmas Kungla

It sounds as though your system has already been amended in a way that is not appropriate for you. So here is a short guide to talk you through how to check your permissions and amend to a more appropriate set.  (There are other configuration options but here we are focussing on those that impact the permission of a person to do a particular action in particular Administrate)

Starting with the global permissions this is what I use (slightly different to the default in that I let everyone manage filters not just those in developer group). <yourhost>/secure/admin/GlobalPermissions!default.jspa

image2016-1-8 8:54:29.png

A key check here is to make sure that JIRA Administrators has not been altered to include the Users or JIRA Users groups.

Next you need to look at each permission scheme in your system.

Here are some of the settings that I use for my default scheme. I change this to remove the reference in most instances to developer and replace with user, but that may not be appropriate to you.

image2016-1-8 8:44:57.png

You need to review all permissions and set according to your requirements and repeat for each permission scheme.

Next is to check the membership of the groups at <yourhost>/admin/groups

In particular check who are members of the Administrator Group.

Then you need to look at the user roles on each project.

<yourhost>/plugins/servlet/project-config/<your project>/roles

and make sure that only users who should have administer permission are listed in the Administrator role, all users who should have access to the project are listed in the User role. You are likely to find that some of this is already covered by the user groups.

If you wish to restrict access to projects to certain users then remove the group users and simply list by name each user that should have access to the project. This can also be managed by anyone with project administration permission.

eg. 
image2016-1-8 9:4:19.png

becomes

image2016-1-8 9:5:42.png

if I want to restrict the project to just myself. 

One final check is to make sure that the settings for application access are correct at <yourhost>/admin/accessconfig

image2016-1-8 8:58:38.png

If Users or JIRA user groups have been added to JIRA administration this will give them the administrator permissions.

Hope this helps you return your system to a more stable situation.

View More Comments
UrmasK
UrmasK January 8, 2016

Ok, thank you for your time putting together thid guide. I will look into it this weekend and get back to you with the results.

Like
UrmasK
UrmasK January 18, 2016

I finally got what I wanted- I can change the project and set myself to see everything and new users I can assign to separate projects one by one.

I also understand that I have to remove everyone and every group from every project and then one by one add them again. 

Also, it doesn't matter if I'm an administrator, I have to add myself into the group or user role in the project as well to be able to see it. Just being in administrator group as well gives me more permissions.

At least, when creating a new user, the user can't acces everything.

Thank you, for now, @Phill Fox

Like
Phill Fox
Phill Fox
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 18, 2016

Glad to be able to help. If this solved your problem would you mind accepting the answer so that others who search in the future with similar issues have more chance of finding this.

Like
Reply
0 votes
UrmasK
UrmasK January 7, 2016

The other thing is that when I add a user than after creation the user gets an email with access instructions but I haven't even set up user's groups. It's like I have to work like a superhero in light speed to be able to restrict user access to everything that the user shouldn't see.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events