Requesting help in setting up Project browse restrictions Edited

Evening, 

We have multiple projects in our self hosted JIRA.  We want to bring a 3rd Party temporarily onboard, but only want them to see, access and edit that particular project.  

I've generated a new group in crowd which they are associated with, and no other group.  They can log in, but are able to see ALL projects, as opposed to just the one they are related to.  

The project in question has it's own permission scheme with the Browse projects permission accepting only users of this newly formed group.  All other projects are using a different scheme and don't include this new group in their browse permissions. 

I'm at a loose end as to why they can still see all projects? Employees who SHOULD be able to see all projects, can't see the new project with the new group in the browse filter... which makes sense... But then why can the 3rd Party who are only associated with this new group, still see all other projects? 

Thanks for any advice in advance.  

2 answers

2 accepted

1 vote
Joe Pitt Community Champion Sep 06, 2017

It sounds like since ALL can see by default you've put the jira-users (all users that can logon) group in the browse permissison. JIRA works on a GRAND PERMISSION model. By default, when a new user is created they are put in the jira-users group. You should remove that group from permission schemes. Then you'll be able to better manage permissions. 

Thanks Joe, 

With the information provided by both yourself and Eric, I was able to resolve the issue and get the result I was after! 

Going off of what Joe said, project visibility including the ability to see the project in the Project browser is controlled by the "Browse Projects" permission in a project permission scheme. If you are using the default permission scheme that ships with JIRA and have not modified it, it will allow all logged in users to see a project. Assuming you want all projects to be locked down to your company users by default, or you want to control project visibility differently on a project by project basis, I would recommend adding your company users all to a company specific group and adding that group to a global project role, such as 'Users'. From there, remove 'All logged in users' from the Browse Projects permission for your internal projects and add the 'Users' project role in it's place. From there, your company users will by default have access to your internal projects (and you can remove the group from the role and add specific users on a per project basis if needed).

What this will achieve is it will not only lock down project access by default to your company users, but it will also give you the ability to secure projects further if needed. I would recommend doing this to your Default permission scheme, as this will be the default scheme used upon project creation.

I know it's a bit convoluted, so let me know if you need further help (or a detailed step by step if you run into trouble) and I'll do my best to provide assistance. Also, in case you need to reference it, here is Atlassian's official doc on Project Permissions:

https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html

Thanks Eric, 

With the information provided by both yourself and Joe, I was able to resolve the issue and get the result I was after! 

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Apr 17, 2018 in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

763 views 2 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you