This article is meant to answer a question that some new Jira admins often have, especially after using Jira for only a few weeks or months. In here you will learn how to provide some users access to only one (or a few) project(s). This is especially useful if your Jira site needs to be accessed by some of your clients and they only need to see the projects that involve them.
Note that this procedure requires you to be a site-admin and a Jira administrator.
Also note that this article is only applicable for classic projects, as next-gen projects have their own, separate permission mechanism.
Summary(tl;dr): Create a project role named 'clients', a users group named 'internal-users'. Assign all the internal users membership to the group 'internal-users' and for each client assign them the project role 'clients' in their respective project. Remove any logged-in user from all the permission schemes and replace it with the group 'internal-users' and the project role 'clients' for the Browse projects permission.
Long version (complete instructions):
Part 1: Create a project role named 'clients':
Navigate to Jira Settings → System → Project Roles and at the bottom of the page, add a new project role. Name: Clients. Description: Jira users that need to only see their belonging projects.
Part 2: Create a users group that will contain all the internal users (all users except for your clients):
Navigate to the site administration area by clicking the 9-dots at the bottom left corner (Switch to) → Site administration → Groups → Create group (top-right corner). Give the group a name like 'internal-users'. This group will contain all Jira users that are part of your organization and need access to all the project (all your colleagues and not your clients).
Part 3: Add all other users except for clients (your colleagues) to this new group.
In the Site administration → Groups page, click on the newly-created group and then click Add members (top-right). Select all the users that are not your clients and then click Add.
Part 4: Add the newly created group and project role to all permission schemes:
Navigate to Jira Settings → Issues → Permission Schemes(down at the bottom). Locate the Default permission scheme and on its right-hand side click Permissions.
For every permission that is granted to Application access: Any logged-in user, click on Edit, select Group and then select the name of the group that you created ('internal-users') and contains all the internal users.
For the Browse Projects permission, also add Project role → Clients.
Locate all the permissions that are granted to Application access: Any logged-in user, and on their right-hand side click Remove, select Application Access: Any logged-in user and click Remove.
This step needs to be repeated for all the permission schemes. Most likely there is one permission scheme named Default Software Scheme and the same steps need to be performed there. Ignore all the permission schemes generated by Jira Service Desk. These permission schemes will have Service Desk in their name so they are easily recognizable.
Part 5: Adding a client to a project
Navigate to a project where a client needs access, then go to Project Settings → People → Add people (top-right). Select the users (clients) that need read-only access to this project, then select the project role Clients and then click Add.
Repeat this last step for all the projects, adding the associated client to their own project.
Claudiu LionteAtlassian Team
We’re proud to announce that our integration with Amazon DevOps Guru is now live. The Amazon and Opsgenie product teams have worked together to build a deep integration between Opsgenie and the new...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events