Requesting help in setting up Project browse restrictions Edited

Evening, 

We have multiple projects in our self hosted JIRA.  We want to bring a 3rd Party temporarily onboard, but only want them to see, access and edit that particular project.  

I've generated a new group in crowd which they are associated with, and no other group.  They can log in, but are able to see ALL projects, as opposed to just the one they are related to.  

The project in question has it's own permission scheme with the Browse projects permission accepting only users of this newly formed group.  All other projects are using a different scheme and don't include this new group in their browse permissions. 

I'm at a loose end as to why they can still see all projects? Employees who SHOULD be able to see all projects, can't see the new project with the new group in the browse filter... which makes sense... But then why can the 3rd Party who are only associated with this new group, still see all other projects? 

Thanks for any advice in advance.  

2 answers

2 accepted

This widget could not be displayed.
Joe Pitt Community Champion Sep 06, 2017

It sounds like since ALL can see by default you've put the jira-users (all users that can logon) group in the browse permissison. JIRA works on a GRAND PERMISSION model. By default, when a new user is created they are put in the jira-users group. You should remove that group from permission schemes. Then you'll be able to better manage permissions. 

Thanks Joe, 

With the information provided by both yourself and Eric, I was able to resolve the issue and get the result I was after! 

This widget could not be displayed.

Going off of what Joe said, project visibility including the ability to see the project in the Project browser is controlled by the "Browse Projects" permission in a project permission scheme. If you are using the default permission scheme that ships with JIRA and have not modified it, it will allow all logged in users to see a project. Assuming you want all projects to be locked down to your company users by default, or you want to control project visibility differently on a project by project basis, I would recommend adding your company users all to a company specific group and adding that group to a global project role, such as 'Users'. From there, remove 'All logged in users' from the Browse Projects permission for your internal projects and add the 'Users' project role in it's place. From there, your company users will by default have access to your internal projects (and you can remove the group from the role and add specific users on a per project basis if needed).

What this will achieve is it will not only lock down project access by default to your company users, but it will also give you the ability to secure projects further if needed. I would recommend doing this to your Default permission scheme, as this will be the default scheme used upon project creation.

I know it's a bit convoluted, so let me know if you need further help (or a detailed step by step if you run into trouble) and I'll do my best to provide assistance. Also, in case you need to reference it, here is Atlassian's official doc on Project Permissions:

https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html

Thanks Eric, 

With the information provided by both yourself and Joe, I was able to resolve the issue and get the result I was after! 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

174 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you