I'm looking for step by step instructions on how to set up a user with Read-only access to a project.
We have followed various instructions and created a user with Read-Only access (so we thought), but it appears that the 'any logged in user' setting is overriding the Read-only part because the test user was able to make comments and add attachments to a Jira task (the only 2 options that were attempted).
Instead of clicking on links from a page, which lead to links to other pages, I'd like clear-cut instructions #1,, #2, etc on what needs to be done, without effecting the current users access that are currently set up in the system.
Hi Leslie, welcome to the Community!
To be honest it can be challenging to provide foolproof step-by-step instructions w/o actually seeing the project w/ admin permissions. But let me see if I can assist and provide some guidance and steps that might get you there.
I am going to assume you are using a Classic project here. If Next-gen, stop reading here.
First I'm sure you are correct that the "any logged in user" is at the root of the problem. If you have this role set for any permissions other than Browse then indeed any logged in user will have access. Makes sense, right? So ultimately you need to remove that specific role from any permission where you want to restrict permission. In other words If you want any logged in user to be able to Browse the issues in the project then leave the "any logged in user" role in place but remove for any/all other permissions. HOWEVER, you can't/shouldn't just remove that w/o first ensuring you replace it w/ a role that has all users that you want to have access. ALSO, very important here is to determine if this is a shared permission scheme. If so I recommend creating a new permission scheme and apply to the project.
With that preamble out of the way...
I hope this helps.
You need to remove "any logged in user" from all the permissions first.
Then you will be able to create a "read only" user and add them to a read-only role in the project.
It's not a case of anything over-riding anything. Jira's permissions are completely permissive, you have to say "person X can do Y". Where you've got "any logged in user" identifying the person, you have a problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.