It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Restricting access of users

I have set up 2 projects in my Jira and I want 2 different groups of people to see each project and not have access to the other one. 

We are a publisher, so we have several devs working for us and obviously I can't have one developer see bugs/details of another developers project. 

I have done the following: 

- Invited Developer A to Jira

- Added Developer A to a specific Group 

- Added Developer A to their project within Jira

 

The problem I have is that Developer A can see a second project I have set up, despite the fact that I have not added him to that second project (it's a test at the moment, so not a big deal). Why can he see that project, despite me not having added him? How can I restrict people to their projects only? 

I have tried to read up on lots of answered questions here and documentation, but it's incredibly convoluted and does not make a whole lot of sense right now.

2 answers

1 accepted

2 votes
Answer accepted
Joe Pitt Community Leader Sep 25, 2019

First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone that can logon to do just about everything.

JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to logon (see Global permissions to see the "can use" groups and admin groups).  This is where users are getting their access.

  1. The FIRST thing you need to do to get control is to remove any groups with logon privileges from the permission scheme unless you absolutely want everyone to have that permission.
  2. Then I suggest you setup Project Roles for the various functions like, tester, QA, Browse Only, etc.
  3. By using project roles, one permission scheme will cover all projects. The project admin controls project role membership
  4. If the project leads want everyone that can logon access to the project they can add the logon group to a project role with the desired permissions.

This may be a big effort, but it will pay off down the road by making it easy to control access.

Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.

Hy @Andreas Gschwari 

you need to adjust the project permissions.

For a start, change the "Browse Projects" permission to a project role (or a group), then add a user to that project role (or group). Users not in this role (or group) should then not be able to view any issues in the project. 

regards

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

261 views 1 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you