Need help with user permissions

Shaina April 25, 2017

I created a user and want to configure his permissions in a way that he can only have access to 2 of the projects that we manage in Jira. How can I achieve this?
I tried to read several articles I found online but got lost.

3 answers

1 accepted

1 vote
Answer accepted
Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 25, 2017

This all depends on the permission schemes that are configured for those two projects - they may have a shared permission scheme, but they also might have different permissions.

This also depends on the type of access the user should have to the projects - should he or she have full access? Read-only access? Project admin access?

If you can figure out the type of access you want to provide this user, then take a look at the permission schemes for these projects, you can then figure out how you will need to add the user to the project. As mentioned here, project permissions are granted based on:

  • Individual users
  • Groups
  • Project roles
  • Issue roles such as 'Reporter', 'Project Lead', and 'Current Assignee'
  • 'Anyone' (e.g. to allow anonymous access)
  • A (multi-)user picker custom field.
  • A (multi-)group picker custom field. This can either be an actual group picker custom field, or a (multi-)select-list whose values are group names.

Hope that simplifies it a bit for you into actionable steps. Every JIRA instance handles this a different way, so I can't really give a straightforward answer since I don't know how that JIRA instance is set up.

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 25, 2017

Additionally, I wouldn't change the permission schemes to give this user access. I would figure out which permissions the user needs, then see which roles/groups have those permissions and add the user to one of those roles/groups.

Shaina April 25, 2017

Admin permissions for just those 2 projects. Everything has the default settings, we have not customized anything.
If I add him to the admin group, wouldn't he have access to everything? I am an admin and I can see everything. 

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 25, 2017

I would not put him in the admin group you mentioned as he would be able to see the same thing you do.

If you want to give him admin permissions for those two projects and you're using the default permission scheme, then you should just be able to add him to the Adminstrators project role just for those two projects (the project role is not the same thing as the admin group you mentioned).

Shaina April 26, 2017

I went to the Project > Project Settings >Users and Roles >Add User to a Role >Selected his name as the User and Administrator as the Role. 
Let me test how this works.

Shaina April 26, 2017

When I log in as the user, I can't see the Projects tab on the navigation.
When I go to this user's profile I see the message "The user is not a member of any groups". 
Should I check the Application access: JIRA Software checkbox?

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

Sounds like this user does not have the "Browse Projects" permission under the current permission scheme. If you're using the default permission scheme, this permission is granted to the Users project role, so you'll probably need to add him to that project role, too.

Re: the JIRA Software checkbox - is the project a Software project? If yes, you will need to check this box.

Shaina April 26, 2017

I did check that box for him and it grants him permission to see everything :/

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

What groups do you have configured in for the JIRA Software Application Access? You can find that in the admin under Applications > Application Access.

You should see a list of groups here - what is the default user group set under Application Access? If that group has permission to see everything, then he is also going to see everything.

Ashutosh Salgarkar August 4, 2017

I want to use capacity view but as explained in the tutorial, I do not see team option under which capacity view is supposed to be listed.

Am I having right permissions ?

All I see is Dashboard, Projects, Issues, Boards

0 votes
Shaina April 27, 2017

THANK YOU SO MUCH FOR YOUR HELP ALEX!!!

0 votes
Shaina April 26, 2017

This is how that section is set up:

Capture.PNG

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

At this point, I would look at the user's project roles in the User Management section in the JIRA admin. Find the user in User Management, then in the Actions column, click the option to "View project roles" - here, you'll be able to see which projects the new user has access to and why (whether he has been added to a project role directly, or if he is part of some user group that belongs to a project role).

My current guess as to what happened here is that the jira-users group has access to all projects and the new user was put into that group automatically when he was added to the JIRA Software application.

Shaina April 26, 2017

According to the configuration, he should only have access to the 2 projects that I added him to using your recomended steps.
Yes, I also think the issue comes with him belonging to the jira-users (default) group. But if I remove him from that group he can't see anything. :S
Untitled.png

Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

It isn't good practice to add the jira-users group to ANY permission scheme or role unless you specifically want EVERYONE to have that permission.  Using it in permission schemes causes this problem to many people. I've had very few projects I've ever wanted universal access to

Shaina April 26, 2017

It must have been configured like that by the previous administrator. How do I fix that?

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

Check the global permissions under System > Global Permissions and see if the jira-users group appears anywhere. I would also check the permission schemes under Issues > Permission Schemes for the same thing just in case.

Shaina April 26, 2017

Yes, they appear on 2 of those categories.

Capture.PNG

Shaina April 26, 2017

In the Permission Schemes all I see is 90% of our projects listed under Default Permission Scheme and 2 or 3 under Default software scheme. 
I don't really know how this section works.

Alex Christensen
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2017

Click on Permissions next to "Copy" and "Edit" to see a list of various permissions and which users/roles/groups are assigned to each permission.

permission_scheme.PNGYou can add/remove users/roles/groups to these permissions. Any changes you make to the scheme(s) will be reflected on the projects which use those schemes.

Shaina April 27, 2017

I think it is finally working the way we wanted now.


What did I do?
• Used a different permission scheme for the 2 projects we wanted to grant him access. Everything else remained on the default scheme.

On the default scheme:
• Changed the permision to Browse Projects from "Application Access: Any logged in user" and changed it to "Group: Develoment Team" (I created this group with all the employees on it beforehand but Mark)

On the new scheme:
• Under Administer Projects: I granted him permission using the single user option. 
• Under Browse Projects: Removed "Application access: Any logged in user" and changed it to "Group: Development Team" (I created this group with all the employees on it beforehand) and added him using the single user option.

Shaina April 27, 2017

1.png2.png

Suggest an answer

Log in or Sign up to answer