restrict a user to a project

Is there a step by step guide for restricting a user to one project?

i.e. We have 30 projects and i want 3 users to have access to only one of these and the other projects not visible when they log in!

There seems to be so many theories on how to achieve this, looking for a "best practice" method

 

3 answers

1 vote

There's no "so many theories", there's one really basic simple way to do it.

  1.  Remove global generalised access to all projects
  2. Allow your 3 users access to the projects they should see

This is not that complex.  What usually happens with these questions is that you've gone with the default JIRA permissions which say "put all users in the 'can log into Jira' group", which is then used to also say "is a user in all projects by default".  You need to un-pick this and re-engineer your underlying basic permissions and access model.

You will hear an alternative which relies on using "security schemes".  This is a lot harder, messier and NOT the best approach because you have to set up a whole new swathe of config and remember to use it.  PLEASE, stick to the approach above.  Security schemes are intended for a different use-case.

 

Thanks Nic,

I should have also added that I also want all of the other JIRA users to have access to this particular project, lets call it "xxx" with the rights of "jira-developers" but the 3 users to only see project"xxx" with basic access of add/edit/delete comments, add/edit/delete attachments etc.

So can I assume I need to do the following then:

  1. Create a new group in "User Management" for the 3 users
  2. Copy the "Default permission Scheme"
  3. Edit this copied scheme and remove all references to the  jira-users (group) and Project Role (users)
  4. Add the new group to the project permissions I want them to have

Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this?

 

That's not quite what I would do. * Create a new group in "User Management" for the 3 users * Copy the "Default permission Scheme" * Edit this copied scheme and remove all references to the jira-users (group) * In all my projects, remove "Jira-users" from the Role of Users * Add the new group to the project role I want them to have in each project >Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this? That is pretty much the right thing - only add the people you need into roles. And always avoid using jira-users for anything that is not completely global.

From the beginning, as we start using Jira, we defined project groups for each project and handling the permission to access the project by being a member of the respective groups i.e. roles in the project. In the meantime we use also groups based on the project category. All projects, which belong to that category, share the same groups. We have also separated projects, only visible to a defined group.

What we do not use, is the default groups jira-users and jira-developers to access projects. Our handling works, even with a basic permission scheme. 

Ok this what I have implemented and it works great for us:

* Create a new group "XXX" in User Management for the 3 users

* Copy the "Default permission Scheme"

* Edited this copied scheme and remove all references to the  jira-users (group) and Project Role (users)

* Added the new group "XXX"  to each project role I removed jira-users and Project Role (users) from.

* Added the "IT" group to each project role I removed jira-users and Project Role (users) from. (this way I can still have IT seeing all projects)

The only issue I see is I have to create a new group and new permission scheme for each department I want to implement this for. Otherwise it works fine.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,532 views 15 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you