Requesting help in setting up Project browse restrictions Edited

Evening, 

We have multiple projects in our self hosted JIRA.  We want to bring a 3rd Party temporarily onboard, but only want them to see, access and edit that particular project.  

I've generated a new group in crowd which they are associated with, and no other group.  They can log in, but are able to see ALL projects, as opposed to just the one they are related to.  

The project in question has it's own permission scheme with the Browse projects permission accepting only users of this newly formed group.  All other projects are using a different scheme and don't include this new group in their browse permissions. 

I'm at a loose end as to why they can still see all projects? Employees who SHOULD be able to see all projects, can't see the new project with the new group in the browse filter... which makes sense... But then why can the 3rd Party who are only associated with this new group, still see all other projects? 

Thanks for any advice in advance.  

2 answers

2 accepted

1 votes
Joe Pitt Community Champion Sep 06, 2017

It sounds like since ALL can see by default you've put the jira-users (all users that can logon) group in the browse permissison. JIRA works on a GRAND PERMISSION model. By default, when a new user is created they are put in the jira-users group. You should remove that group from permission schemes. Then you'll be able to better manage permissions. 

Thanks Joe, 

With the information provided by both yourself and Eric, I was able to resolve the issue and get the result I was after! 

Going off of what Joe said, project visibility including the ability to see the project in the Project browser is controlled by the "Browse Projects" permission in a project permission scheme. If you are using the default permission scheme that ships with JIRA and have not modified it, it will allow all logged in users to see a project. Assuming you want all projects to be locked down to your company users by default, or you want to control project visibility differently on a project by project basis, I would recommend adding your company users all to a company specific group and adding that group to a global project role, such as 'Users'. From there, remove 'All logged in users' from the Browse Projects permission for your internal projects and add the 'Users' project role in it's place. From there, your company users will by default have access to your internal projects (and you can remove the group from the role and add specific users on a per project basis if needed).

What this will achieve is it will not only lock down project access by default to your company users, but it will also give you the ability to secure projects further if needed. I would recommend doing this to your Default permission scheme, as this will be the default scheme used upon project creation.

I know it's a bit convoluted, so let me know if you need further help (or a detailed step by step if you run into trouble) and I'll do my best to provide assistance. Also, in case you need to reference it, here is Atlassian's official doc on Project Permissions:

https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html

Thanks Eric, 

With the information provided by both yourself and Joe, I was able to resolve the issue and get the result I was after! 

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,755 views 11 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot