Is there a step by step guide for restricting a user to one project?
i.e. We have 30 projects and i want 3 users to have access to only one of these and the other projects not visible when they log in!
There seems to be so many theories on how to achieve this, looking for a "best practice" method
There's no "so many theories", there's one really basic simple way to do it.
This is not that complex. What usually happens with these questions is that you've gone with the default JIRA permissions which say "put all users in the 'can log into Jira' group", which is then used to also say "is a user in all projects by default". You need to un-pick this and re-engineer your underlying basic permissions and access model.
You will hear an alternative which relies on using "security schemes". This is a lot harder, messier and NOT the best approach because you have to set up a whole new swathe of config and remember to use it. PLEASE, stick to the approach above. Security schemes are intended for a different use-case.
I should have also added that I also want all of the other JIRA users to have access to this particular project, lets call it "xxx" with the rights of "jira-developers" but the 3 users to only see project"xxx" with basic access of add/edit/delete comments, add/edit/delete attachments etc.
So can I assume I need to do the following then:
Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this?
That's not quite what I would do. * Create a new group in "User Management" for the 3 users * Copy the "Default permission Scheme" * Edit this copied scheme and remove all references to the jira-users (group) * In all my projects, remove "Jira-users" from the Role of Users * Add the new group to the project role I want them to have in each project >Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this? That is pretty much the right thing - only add the people you need into roles. And always avoid using jira-users for anything that is not completely global.
From the beginning, as we start using Jira, we defined project groups for each project and handling the permission to access the project by being a member of the respective groups i.e. roles in the project. In the meantime we use also groups based on the project category. All projects, which belong to that category, share the same groups. We have also separated projects, only visible to a defined group.
What we do not use, is the default groups jira-users and jira-developers to access projects. Our handling works, even with a basic permission scheme.
Ok this what I have implemented and it works great for us:
* Create a new group "XXX" in User Management for the 3 users
* Copy the "Default permission Scheme"
* Edited this copied scheme and remove all references to the jira-users (group) and Project Role (users)
* Added the new group "XXX" to each project role I removed jira-users and Project Role (users) from.
* Added the "IT" group to each project role I removed jira-users and Project Role (users) from. (this way I can still have IT seeing all projects)
The only issue I see is I have to create a new group and new permission scheme for each department I want to implement this for. Otherwise it works fine.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG