Step-by-step instructions for full set up of a Read-Only user

Leslie Cairns February 11, 2021

I'm looking for step by step instructions on how to set up a user with Read-only access to a project.

 

We have followed various instructions and created a user with Read-Only access (so we thought), but it appears that the 'any logged in user' setting is overriding the Read-only part because the test user was able to make comments and add attachments to a Jira task (the only 2 options that were attempted).

 

Instead of clicking on links from a page, which lead to links to other pages, I'd like clear-cut instructions #1,, #2, etc on what needs to be done, without effecting the current users access that are currently set up in the system.

 

2 answers

0 votes
Jack Brickey
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 11, 2021

Hi Leslie, welcome to the Community!

To be honest it can be challenging to provide foolproof step-by-step instructions w/o actually seeing the project w/ admin permissions. But let me see if I can assist and provide some guidance and steps that might get you there. 

I am going to assume you are using a Classic project here. If Next-gen, stop reading here.

First I'm sure you are correct that the "any logged in user" is at the root of the problem. If you have this role set for any permissions other than Browse then indeed any logged in user will have access. Makes sense, right? So ultimately you need to remove that specific role from any permission where you want to restrict permission. In other words If you want any logged in user to be able to Browse the issues in the project then leave the "any logged in user" role in place but remove for any/all other permissions. HOWEVER, you can't/shouldn't just remove that w/o first ensuring you replace it w/ a role that has all users that you want to have access. ALSO, very important here is to determine if this is a shared permission scheme. If so I recommend creating a new permission scheme and apply to the project.

With that preamble out of the way...

  1. check if permission scheme is shared - go to https://xxx.atlassian.net/secure/admin/ViewPermissionSchemes.jspa (replace xxx w/ your company) or just click on cog > issues and scroll down on the left sidebar to the bottom. Find your permission scheme for the project in question. Do you see other projects listed as using the scheme? If so you need to create a new permission scheme. You can either copy the current one or click Add at the top. Once done go to #2. If the scheme is dedicated to your project then...
  2. At this point you need to define who should have what permissions and you need to use existing roles/groups OR define a new role/group to help define your scheme. This is where it is difficult for me (or anyone) to be specific as we don't know what your current environment is like. For example, you might have default roles setup such that every new user goes into say "jira-users" role or maybe you are liberally using groups. Long story short you need to replace the "any logged in user" w/ something that equates to those that should have access.

I hope this helps.

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 11, 2021

You need to remove "any logged in user" from all the permissions first.

Then you will be able to create a "read only" user and add them to a read-only role in the project.

It's not a case of anything over-riding anything.  Jira's permissions are completely permissive, you have to say "person X can do Y".  Where you've got "any logged in user" identifying the person, you have a problem.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events