Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Need help understanding how permission scheme works

Joseph Kodjo-Kuma Djomeda
Joseph Kodjo-Kuma Djomeda October 16, 2017

Hello Guys,

Sorry if this has been discussed over and over again. I have actually read the documentation and I seem to be lacking some understanding. I created a project  A. The project is a procurement project to which I have added only administrators and Finance groups As shows below 

Selection_215.png

I have created some project roles as well shown below

Selection_217.pngI have copied the default permission scheme and assigned the copied one to the Procurement project.  To my surprise, everyone can see all the projects regardless of group added under the people section of the project. This has confused me  really. So with more readings, I am thinking I need to edit the permission scheme to use.

 

While editing the permission scheme, at the view project section,  I am not sure of what to use. The intention is that only allowed people in the "people" section of the said project should even see the project. So what is the generic way of saying here that only members of the project should see the project?

 

Selection_214.png

 

Thanks for reading and thanks in advance for all your answers.

Answer
Watch
Like Be the first to like this
507 views

1 answer

0 votes
Joe Pitt
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 16, 2017

The access model has not changed since Jira 3.6, although some of the default groups did change with Jira 7.0.  Best practices for security purposes is to only give users what they need. JIRA uses the Grant model which supports this, not a ‘restrict’ model,

The principle is:

  • Grant people the ability to log in
  • Grant people the ability to use the projects they need, but only the level they need.

The problem most new users have traces back to Atlassian’s default settings of allowing the "group of users that can log in and use an application", permission to everything in a project. This ends up meaning "can use application" becomes "can log in and see everything"

So, you need to delete that group from all the permission schemes.  If you do that right away life will be much easier.  In your screenshot it is the 'any logged in user'

  • Go to "manage applications" and check what the login group is
  • Look at all active permission schemes and check how they allow "browse" access to projects, ensuring they say something simple like "Role: user"
  • Go through all your projects and remove the "can use application" group from the role of user (and others if the permission scheme says so).  Replace it with the groups and users who should have access to the project.
  • Go to Admin -> Roles and change the default role memberships to be empty for users, developers and so-on.  This prevents new projects accidentally granting access to limited users
View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 16, 2017

Didn't I write that?

Like
Joe Pitt
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 16, 2017

mostly. 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 16, 2017

I don't feel so bad for stealing your "don't allow delete" paragraph now. :-)

Like
Joseph Kodjo-Kuma Djomeda
Joseph Kodjo-Kuma Djomeda October 17, 2017

Hello Joe,

Thanks for your time and your answer. I appreciate. Sorry for the delay in replying.

I have not seen anything yet call manage application yet in jira cloud. So a wild guess would be either "Site Administration > Application access" as shown below

Selection_222.png

Or another guess is "Jira > settings > Applications" shown below

Selection_221.png

Ultimately , I have seen in "Site Administration > Applicaiton Access > view configuration button" a list of group, so I created a group called DreamTeam and make it the default "can sign in" group
Selection_223.png
I also have not seen in project roles how to make one a default project roles. So I went back to the permission schemes all the 3 projects are using and assigned the browse projects to a role "Regular Member" and this role has no members. I am not sure at this point if we are on the same page

Selection_217.pngSelection_224.png

If we are on the same page then , I will go on and change required permission to be granted to project role regular member

thanks again

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events