I have set up 2 projects in my Jira and I want 2 different groups of people to see each project and not have access to the other one.
We are a publisher, so we have several devs working for us and obviously I can't have one developer see bugs/details of another developers project.
I have done the following:
- Invited Developer A to Jira
- Added Developer A to a specific Group
- Added Developer A to their project within Jira
The problem I have is that Developer A can see a second project I have set up, despite the fact that I have not added him to that second project (it's a test at the moment, so not a big deal). Why can he see that project, despite me not having added him? How can I restrict people to their projects only?
I have tried to read up on lots of answered questions here and documentation, but it's incredibly convoluted and does not make a whole lot of sense right now.
First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone that can logon to do just about everything.
JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to logon (see Global permissions to see the "can use" groups and admin groups). This is where users are getting their access.
This may be a big effort, but it will pay off down the road by making it easy to control access.
Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.
you need to adjust the project permissions.
For a start, change the "Browse Projects" permission to a project role (or a group), then add a user to that project role (or group). Users not in this role (or group) should then not be able to view any issues in the project.
Hi. this is not an answer - just another doubt - This way, all users can still see the projects they are not envolved with. They cannot see their issues but they still see a lot of projects and I don't want that. How can I set this so that a user only sees listed the projects he has access to?
If they can see them the permission scheme is giving them access. JIRA doesn't restrict access, it gives access. However by default it gives it to everyone by giving it to all users that can logon. The out of the box permissions are junk. You need to rework them as @Michael Wohlgemuth and I said above. Next Gen projects I believe have a public/private setting if you're using them. I don't.
I cnahed the
so that only users who have an administrator or a deeloper role in the project can do stuff there (or browse projects).
All my projects are using that scheme.
Still, all users are able to see the projects list (then, they don't see the tasks when they open projects where they don't have a role). But they are seeing the projects list as well as seeing the boards' listing.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events