We have multiple projects in our self hosted JIRA. We want to bring a 3rd Party temporarily onboard, but only want them to see, access and edit that particular project.
I've generated a new group in crowd which they are associated with, and no other group. They can log in, but are able to see ALL projects, as opposed to just the one they are related to.
The project in question has it's own permission scheme with the Browse projects permission accepting only users of this newly formed group. All other projects are using a different scheme and don't include this new group in their browse permissions.
I'm at a loose end as to why they can still see all projects? Employees who SHOULD be able to see all projects, can't see the new project with the new group in the browse filter... which makes sense... But then why can the 3rd Party who are only associated with this new group, still see all other projects?
Thanks for any advice in advance.
It sounds like since ALL can see by default you've put the jira-users (all users that can logon) group in the browse permissison. JIRA works on a GRAND PERMISSION model. By default, when a new user is created they are put in the jira-users group. You should remove that group from permission schemes. Then you'll be able to better manage permissions.
Going off of what Joe said, project visibility including the ability to see the project in the Project browser is controlled by the "Browse Projects" permission in a project permission scheme. If you are using the default permission scheme that ships with JIRA and have not modified it, it will allow all logged in users to see a project. Assuming you want all projects to be locked down to your company users by default, or you want to control project visibility differently on a project by project basis, I would recommend adding your company users all to a company specific group and adding that group to a global project role, such as 'Users'. From there, remove 'All logged in users' from the Browse Projects permission for your internal projects and add the 'Users' project role in it's place. From there, your company users will by default have access to your internal projects (and you can remove the group from the role and add specific users on a per project basis if needed).
What this will achieve is it will not only lock down project access by default to your company users, but it will also give you the ability to secure projects further if needed. I would recommend doing this to your Default permission scheme, as this will be the default scheme used upon project creation.
I know it's a bit convoluted, so let me know if you need further help (or a detailed step by step if you run into trouble) and I'll do my best to provide assistance. Also, in case you need to reference it, here is Atlassian's official doc on Project Permissions:
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot