Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to give a user (read-only) access to a single project and nothing more

This article is meant to answer a question that some new Jira admins often have, especially after using Jira for only a few weeks or months. In here you will learn how to provide some users access to only one (or a few) project(s). This is especially useful if your Jira site needs to be accessed by some of your clients and they only need to see the projects that involve them.

Note that this procedure requires you to be a site-admin and a Jira administrator.
Also note that this article is only applicable for classic projects, as next-gen projects have their own, separate permission mechanism.

Summary(tl;dr): Create a project role named 'clients', a users group named 'internal-users'. Assign all the internal users membership to the group 'internal-users' and for each client assign them the project role 'clients' in their respective project. Remove any logged-in user from all the permission schemes and replace it with the group 'internal-users' and the project role 'clients' for the Browse projects permission.

Long version (complete instructions):

Part 1: Create a project role named 'clients': 
Navigate to Jira Settings System → Project Roles and at the bottom of the page, add a new project role. Name: Clients. Description: Jira users that need to only see their belonging projects.

Part 2: Create a users group that will contain all the internal users (all users except for your clients):
Navigate to the site administration area by clicking the 9-dots at the bottom left corner (Switch to→ Site administration → Groups → Create group (top-right corner). Give the group a name like 'internal-users'. This group will contain all Jira users that are part of your organization and need access to all the project (all your colleagues and not your clients).

Part 3: Add all other users except for clients (your colleagues) to this new group.
In the Site administration → Groups page, click on the newly-created group and then click Add members (top-right). Select all the users that are not your clients and then click Add.

Part 4: Add the newly created group and project role to all permission schemes:
Navigate to Jira Settings → Issues → Permission Schemes(down at the bottom). Locate the Default permission scheme and on its right-hand side click Permissions
For every permission that is granted to Application access: Any logged-in user, click on Edit, select Group and then select the name of the group that you created ('internal-users') and contains all the internal users. 
For the Browse Projects permission, also add Project role → Clients.
Locate all the permissions that are granted to  Application access: Any logged-in user, and on their right-hand side click Remove, select Application Access: Any logged-in user and click Remove.

This step needs to be repeated for all the permission schemes. Most likely there is one permission scheme named Default Software Scheme and the same steps need to be performed there. Ignore all the permission schemes generated by Jira Service Desk. These permission schemes will have Service Desk in their name so they are easily recognizable.

Part 5: Adding a client to a project
Navigate to a project where a client needs access, then go to Project Settings → People → Add people (top-right). Select the users (clients) that need read-only access to this project, then select the project role Clients and then click Add.

Repeat this last step for all the projects, adding the associated client to their own project.

14 comments

My clicky finger is hanging from a tendon.

Like # people like this

Thank you for this article.. helped me a lot!

Finally, the source I was desperately looking for. Thank you kindly for this article.

Thank you - been struggling with this a while. A really easy process to follow :)

Great article. One question, what do I change in the above steps if I want to give the clients access to create tasks in the one specific project I give them access to? Thanks

Like Andrew Dunne likes this

Same question: I want to give the clients access to create tasks in the one specific project I give them access to?

Like # people like this

The ONLY post that helped me understand this annoyingly complex topic. THANK YOU!

Like Chris Choy likes this

As a new Atlassian administrator, I cannot thank you enough for posting this!!!

This is the only post that clearly goes over each step on how to properly set permissions restriction in Jira. This has been a real nightmare before reading this as all the other community posts were either out of date by several years or just convoluted at making a bunch of assumptions. 

Thank you! 

I have a similar question to @Deborah Dean and @Jens Strobel

 

How do I provide access to an external partner to create tasks etc in the one project I give them access to?

Hello, great post! Clearly explained!

I have been able to set permissions to view a specific project. 

However, I do not want the external user to see these options. How do I remove them from their view?

Screenshot from 2020-11-28 05.42.25.png

Screenshot from 2020-11-28 05.41.29.png

Thanks in advance

Babu

Good morning @Claudiu Lionte 

I am site admin and we are using jira cloud. I have created a couple of projects with the Company managed template. I have been able to achieve the following for our projects:

Step 1: I have created 2 new groups (Srcum Team, and Read Only/Client).

Step 2: I created a new scheme from the default software scheme. In this new scheme I replaced all of the instances of (Application access: Any logged-in user) with (Group: Scrum Team). Then I added (Group: Read Only) to the Browse Projects permission section only in the same scheme.

Step 3: I added all of our users who will be working on this project to the Scrum Team Group and I added the customer to the Read only/Client group 

Step 4: I applied the new scheme to our projects.

Important Note: after doing steps 1-4 above, I am part of the Scrum Team but was not able to view the project at all. Then I realized that there is one small step that is not mentioned in any of the articles that had come across (At least it was not clear to me as a beginner). That step was to add the product to any newly created groups so that those new groups that you create have user permissions on the Jira Software product. After I realized that I did step 5

Step 5: Go to Site administration → Groups and locate the newly created groups, click on one the newly created groups, then under the Group product access section click on add product. Select Jira Software and make sure this new group has a user permission role on the product. Repeat this process for any other newly created groups.


Now, steps 1-5 above gave me what I need using groups in my permission scheme to create a simple access control path on my projects.

The outstanding question I still have is: How do you perform the same thing but using project roles instead of Groups?

I have created the project roles and added them to my Scheme. The one step that I have not figured out yet is how to do steps 5 above for project roles. 

Please let me know what I am missing here. Once I hear from you I can share the big vision that I have for creating a good access control path for our different teams and their projects.

Thank you,

Sama

To add clients the possibility of creating issues in that project, at Part 4, right after

"For the Browse Projects permission, also add Project role → Clients", you'll have to add Project role → Clients for the Create issues permission.

 

@Sama Bahjat If I understand correctly, your questions is around adding application access to those clients. Unfortunately, project roles cannot be used to grant application access to Jira. Application access can only be granted to a group so you'll have to put all the clients in one or more groups and give those groups access to Jira

@Claudiu Lionte 

if that is the case then I don't see how a project role can be successfully added to the scheme (as you have suggested to be a better practice than using groups). Am I missing something? I know I am, I just don't know what it is :)

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you