restrict a user to a project

IT Admin September 8, 2014

Is there a step by step guide for restricting a user to one project?

i.e. We have 30 projects and I want 3 users to have access to only one of these and the other projects not visible when they log in!

There seem to be so many theories on how to achieve this, looking for a "best practice" method.

3 answers

1 vote
Jose M.
Rising Star
September 9, 2014

From the beginning, when we started using Jira, we defined project groups for each project and handled the permission to access the project by being a member of the respective groups, i.e. roles in the project. In the meantime we also use groups based on the project category. All projects which belong to that category share the same groups. We also have separated projects, only visible to a defined group.

What we do not use are the default groups jira-users and jira-developers to access projects. Our handling works even with a basic permission scheme.

1 vote
Nic Brough -Adaptavist-
Community Leader
September 8, 2014

There's no "so many theories", there's one really basic simple way to do it.

  1. Remove global generalised access to all projects
  2. Allow your 3 users access to the projects they should see

This is not that complex. What usually happens with these questions is that you've gone with the default JIRA permissions which say "put all users in the 'can log into Jira' group", which is then used to also say "is a user in all projects by default". You need to un-pick this and re-engineer your underlying basic permissions and access model.

You will hear an alternative which relies on using "security schemes". This is a lot harder, messier and NOT the best approach because you have to set up a whole new swathe of config and remember to use it. PLEASE, stick to the approach above. Security schemes are intended for a different use-case.

IT Admin September 9, 2014

Thanks Nic,

I should have also added that I also want all of the other JIRA users to have access to this particular project, let's call it "xxx", with the rights of "jira-developers", but the 3 users to only see project "xxx" with basic access of add/edit/delete comments, add/edit/delete attachments etc.

So can I assume I need to do the following then:

  1. Create a new group in "User Management" for the 3 users
  2. Copy the "Default permission Scheme"
  3. Edit this copied scheme and remove all references to the jira-users (group) and Project Role (users)
  4. Add the new group to the project permissions I want them to have

Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this?

 

Nic Brough -Adaptavist-
Community Leader
September 9, 2014

That's not quite what I would do.

* Create a new group in "User Management" for the 3 users
* Copy the "Default permission Scheme"
* Edit this copied scheme and remove all references to the jira-users (group)
* In all my projects, remove "Jira-users" from the Role of Users
* Add the new group to the project role I want them to have in each project

> Still unsure how to tackle "Browse Projects" permission. Do I just add all the groups except jira-users to this?

That is pretty much the right thing - only add the people you need into roles. And always avoid using jira-users for anything that is not completely global.

0 votes
IT Admin September 9, 2014

Ok, this is what I have implemented and it works great for us:

* Create a new group "XXX" in User Management for the 3 users

* Copy the "Default permission Scheme"

* Edited this copied scheme and removed all references to the jira-users (group) and Project Role (users)

* Added the new group "XXX" to each project role I removed jira-users and Project Role (users) from.

* Added the "IT" group to each project role I removed jira-users and Project Role (users) from. (this way I can still have IT seeing all projects)

The only issue I see is I have to create a new group and new permission scheme for each department I want to implement this for. Otherwise it works fine.
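To check the result of the change discussed in this thread, the following added example (not part of any post above, and not Atlassian code) models who ends up with "Browse Projects" before and after jira-users is taken out of the Users role, and lists every place the login group still reaches that permission. The group names `staff` and `xxx-guests`, the project keys and the usernames are constructed placeholders, and the data model is a simplification that covers only group and project-role grants.

```python
BROWSE = "Browse Projects"

def members(holder, roles, groups):
    """Expand a grant holder, ("group", name) or ("role", name), to usernames."""
    kind, name = holder
    if kind == "group":
        return set(groups.get(name, ()))
    users = set()
    for g in roles.get(name, ()):  # in this model a role contains groups only
        users |= set(groups.get(g, ()))
    return users

def visible_projects(user, projects, schemes, groups):
    """Projects where the user holds Browse Projects via the project's scheme."""
    return sorted(key for key, p in projects.items()
                  if any(user in members(h, p["roles"], groups)
                         for h in schemes[p["scheme"]][BROWSE]))

def broad_grants(projects, schemes, groups, broad="jira-users"):
    """Findings: every path by which the login group reaches Browse Projects."""
    found = []
    for key, p in projects.items():
        for kind, name in schemes[p["scheme"]][BROWSE]:
            if kind == "group" and name == broad:
                found.append((key, "scheme grants group " + broad))
            elif kind == "role" and broad in p["roles"].get(name, ()):
                found.append((key, "role " + name + " contains " + broad))
    return found

# Constructed sample data (assumptions, not taken from a real instance).
GROUPS = {"jira-users": {"alice", "bob", "ext1"},
          "staff": {"alice", "bob"}, "xxx-guests": {"ext1"}}
SCHEMES = {"Default": {BROWSE: [("role", "Users")]}}
# Default install: jira-users sits in the Users role of every project.
BEFORE = {k: {"scheme": "Default", "roles": {"Users": ["jira-users"]}}
          for k in ("XXX", "HR", "OPS")}
# After the change: the Users role holds only the groups that belong there.
AFTER = {"XXX": {"scheme": "Default", "roles": {"Users": ["staff", "xxx-guests"]}},
         "HR": {"scheme": "Default", "roles": {"Users": ["staff"]}},
         "OPS": {"scheme": "Default", "roles": {"Users": ["staff"]}}}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "ext1 sees", visible_projects("ext1", cfg, SCHEMES, GROUPS))
        for finding in broad_grants(cfg, SCHEMES, GROUPS):
            print("  finding:", finding)
```

An empty findings list for the "after" configuration is the condition to look for: as long as any project still reports one, members of the login group can see that project.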
