I want to configure that a certain group of users has only access to specific projects (in jira cloud).
I've used following guide to accomplish this:
After this the group of users can only browse their projects, which is ok.
However, when creating a new jira-issue, the user can still see all project in the listbox of available project. This is not wanted of course.
Could you please explain me how to restrict the listbox of projects ?
Check all your permission schemes, looking at "Create Issues" and who/what that's granted to. Just now, in my own instance I found a few permission schemes giving access to any logged-in user, and others granting access to users with application access. Correcting those permissions -- even against schemes used by other projects -- did the trick. Now my users in one project may only create issues within one project.
Hi @Luke Brothers Do you mean you give access to "any logged-in" user? could you please further explain on the above how you did the trick to restrict user to create issues within one project (that he /she was not given access to), so that the user would not be able to create issues in the projects that they are not granted permission to. (though they are still able to see the list of projects in the project field). Thank you so much in advance.
Hi @Yi Voon Phan I don't believe I have users who can view other projects but only create issues in some specific projects. I needed to limit the projects users could see when creating issues. I accomplished this by opening all permission schemes and ensuring the "create issues" permission was accurate. I found that some permission schemes uses by other projects were giving all users permissions. So...even though these other permission schemes weren't used by my particular project they still allowed users access to other projects.
I don't understand.
All my other projects have another security sheme in which is defined that only another usergroup may browse.
For example :
I've configured :
When a user from group "usersgroup A" creates an issue, he still can see project B in the listbox of available projects.
I hope this helps to understand my problem.
There's a quirk here that I think we're missing.
This is going to sound very odd, but it comes out of two things - the code is easier, and it gives you a flexibility that some (rare) cases need.
I think you've got the security and visibility of existing issues right, and I think you understand it in full.
The confounding problem is that "create" is not the same as "browse". Us humans would instinctively think "if I can't see a project, then I can't do anything with it, so it should be invisible". But, hard Vulcan logic does not do that unless you explicitly state it, and Jira does not state it.
So, if you grant someone the right to, let's say, edit issues in a project, then they can technically edit the issues, even though they can't see them. Jira blocks that accidentally though, because in order to ask you what you want to change, it needs to tell you what is there, so as you can't see it, you can't do it. Most actions on issues fall into this category. Even though you might have permission to edit/delete/log-work/schedule issues, it gets blocked because you can't see it.
But, with "create issue", that does not happen. There's nothing to see, so Jira does not accidentally block it. It goes "yep, you can create this". And then tells you that you can't see what you just created. And, if you can create an issue in a project, then that project is offered to you on the project selection on the create menu and screens, because you can create!
So, what you want to do is modify the project permissions so the users without "Browse" don't have "Create" either.
(Before you ask for an example of where it useful - HR complaints against other individuals, compliance reporting and whistleblowing - you sometimes want to report something once and hide it from everyone, including the creator)
That's just the problem ... In my permission-scheme I already configured that the "create issues" permission is limited to the specific user-group. I also tried to configure with a specific project-role. But nothing seems to limit the available projects in the listbox when creating a new issue.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events