Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Restrict users to project, but receive notifications for other project as well?

Todor Kostadinov
Todor Kostadinov April 22, 2013

Hi,

I know how to restrict users for seeing only one project with the permission scheme.

The problem is that all users from our Active Directory has "Browse Project permissions" for all project in order to receive e-mail notifications. When user log issue in our Service Desk with proper Notificaton scheme set, the user receive e-mail on Create and Resolve issue. This is very important for our organization since we use Jira for Incident and Request management. For that we have created separate group "All Active Directory users" and we granted that group "Browse Projects" permission.

Now I have to grant access to only one project to 2 of the same users which already belong to the "All Active Directory users" group. If I remove these 2 users from "All Active Directory users" they can only see one of the projects - mission accomplished. But they will no longer receive e-mail about their issues ( issues that they raised ) on other projects. And this is not acceptable.

Any ideas how to achive this?

Answer
Watch
Like Be the first to like this
871 views

5 answers

1 accepted

0 votes
Answer accepted
Todor Kostadinov
Todor Kostadinov May 12, 2014

I solved my problem with creation of duplicated users. One user ( from AD ) for ProjectA with permission scheme A, and another user ProjectB with scheme B with the same e-mail address.

Thank you all for your help.

Reply
0 votes
Todor Kostadinov
Todor Kostadinov April 22, 2013

Hi Vishnu, what do you mean? Ofcourse it is possible to create two different permission schemes for the 2 project, but it is not resolving my problem. Lets say we have ProjectA with permission scheme A, and ProjectB with scheme B. User Z have to be able to work on issues on ProjectA, receive notifications from ProjectB, but without be able to view issues on ProjectB. The point of this is that the same user is part of the business side and he will participate in on of the projects. In the same time his IP telephone may become unusable and he will call the service desk and receive e-mail notification with ticket number. When the issue is resolved he will receive e-mail notification with the resolution. It is not necesary for him to be able to view the issue in Jira, but he will be informed that his issue is resolved. This was implemented for more than 2000 users and it is working fine, they do not have rights to login in Jira. We just created a dumb group with all users in our Active Directory and granted "Browse Projects' rights for the group. Users are informed that their issue ( incident, request and etc. ) is logged from the Service desk, and they have an issue number. They can call Service desk 2 days later and ask what is happening with their issue with this number. So far the only possible solution I can imagine is to create new users in Jira for the 2 business users with the same e-mail adresses. This way they will receive notifications for ProjectB, and they will have to login with the with their new Jira accounts in order to view and work on issues in ProjectA.

P.S Please excuse my English. I hope that you understand my point.

Reply
0 votes
Vishnukumar Vasudevan
Vishnukumar Vasudevan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
April 22, 2013

Can't you try creating new permission scheme for these two projects ?

Reply
0 votes
Todor Kostadinov
Todor Kostadinov April 22, 2013

Hi Ahmad,

My problem is that I have to restrict users to be able to see only one project and in the same time to receive notifications for other projects. I know that users have to be in "Browse projects" permission in order to receive notifications. Maybe I should use some security scheme, but how can apply that scheme to the old issues in the projects?

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
April 22, 2013

Simply put, that is not going to happen without code, or non-ideal configuration

If a user cannot see an issue, then they will not get email about it. End of story - and correct design I should point out - emailing people with stuff they can't see is a security loophole, so you *should* have to work hard to break the security model.

To keep it really minimal, you'd only grant your restricted users "browse" in the projects they should get mail from, which means they can't update anything.

If you really do want to break the security, then you've got two basic options

1. Find/write plugins that bypass the security and send mail to people who can't normally see the issues

2. Work around it - create dummy users for your users who should get email. Use those in the "restricted" project, making sure they do have "browse". But then give them random passwords that you never give to anyone. They'll get email, but not be able to log in. You can even disable the accounts I think, as long as the permissions still allow them "browse" in the projects that are going to send email.

As for security schemes - these hide individual issues inside projects. And the rules about "can't see issue, won't get email" still apply - if it's hidden with a security scheme, then the user won't get the email unless they're in the "can see the issue" group/role/etc.

Issue security is applied for you though. When you tell a project "use this security scheme" it will ask you what the default level is and apply it to the existing issues.

Like
Todor Kostadinov
Todor Kostadinov April 22, 2013

Hi Nic,

You are not right about that if a user cannot see an issue, then they will not get email about it.

Please see how we do this with our Active Directory users in my answer below.

But you gave me excelent idea - to create new users.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
April 22, 2013

Sorry, but I am right. Users who can not see an issue in Jira will not be emailed about it.

You've worked around it in AD, because those users automatically have browse, but if you remove that, they won't get the emails. There's the workaround that makes Jira send emails to groups that the users happen to be in, but that's *not* mailing the user direct.

I should have been more clear though. A *jira* user will not be sent emails *by jira* if they do not have the rights to see an issue. Emails may well come via other routes, of course.

Like
Todor Kostadinov
Todor Kostadinov April 22, 2013

Hi Nic,

I think we are both part right. The users from AD are not auto added to any group. I add them in a group and then I grant the group "Browse permissions" manually for a project. But since they do not belong to jira-users group they are not able to log in and if they are not able to login in Jira they can not see the issue. But they receive the e-mail notifications.

Like
Reply
0 votes
Faisal
Faisal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 22, 2013

Hi Todor,

I am afraid that in order for users to receive notifications for issues operations, users must be granted the Browse Projects permission in for the project. This is as per stated in the documentation on JIRA Notification Scheme:
- Creating a Notification Scheme

Please see the information outlined at the bottom of the documentation:

Email notifications will only be sent to people who have permission to view the relevant issue — that is, people who:

Since this is the case, I believe that you must ensure that the relevant users are granted the Browse Project permission and is included in the issue security levels in order to ensure that they get the notifications whenever an issue is created or resolved.

Though it's not much, I hope that this helps to clarify the matter.

Ahmad.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events