Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to give a user (read-only) access to a single project and nothing more

February 16, 2019

This article is meant to answer a question that some new Jira admins often have, especially after using Jira for only a few weeks or months. In here you will learn how to provide some users access to only one (or a few) project(s). This is especially useful if your Jira site needs to be accessed by some of your clients and they only need to see the projects that involve them.

Note that this procedure requires you to be a site-admin and a Jira administrator.
Also note that this article is only applicable for classic projects, as next-gen projects have their own, separate permission mechanism.

Summary(tl;dr): Create a project role named 'clients', a users group named 'internal-users'. Assign all the internal users membership to the group 'internal-users' and for each client assign them the project role 'clients' in their respective project. Remove any logged-in user from all the permission schemes and replace it with the group 'internal-users' and the project role 'clients' for the Browse projects permission.

Long version (complete instructions):

Part 1: Create a project role named 'clients': 
Navigate to Jira Settings System → Project Roles and at the bottom of the page, add a new project role. Name: Clients. Description: Jira users that need to only see their belonging projects.

Part 2: Create a users group that will contain all the internal users (all users except for your clients):
Navigate to the site administration area by clicking the 9-dots at the bottom left corner (Switch to→ Site administration → Groups → Create group (top-right corner). Give the group a name like 'internal-users'. This group will contain all Jira users that are part of your organization and need access to all the project (all your colleagues and not your clients).

Part 3: Add all other users except for clients (your colleagues) to this new group.
In the Site administration → Groups page, click on the newly-created group and then click Add members (top-right). Select all the users that are not your clients and then click Add.

Part 4: Add the newly created group and project role to all permission schemes:
Navigate to Jira Settings → Issues → Permission Schemes(down at the bottom). Locate the Default permission scheme and on its right-hand side click Permissions
For every permission that is granted to Application access: Any logged-in user, click on Edit, select Group and then select the name of the group that you created ('internal-users') and contains all the internal users. 
For the Browse Projects permission, also add Project role → Clients.
Locate all the permissions that are granted to  Application access: Any logged-in user, and on their right-hand side click Remove, select Application Access: Any logged-in user and click Remove.

This step needs to be repeated for all the permission schemes. Most likely there is one permission scheme named Default Software Scheme and the same steps need to be performed there. Ignore all the permission schemes generated by Jira Service Desk. These permission schemes will have Service Desk in their name so they are easily recognizable.

Part 5: Adding a client to a project
Navigate to a project where a client needs access, then go to Project Settings → People → Add people (top-right). Select the users (clients) that need read-only access to this project, then select the project role Clients and then click Add.

Repeat this last step for all the projects, adding the associated client to their own project.

Comment
Watch
Like # people like this
13620 views

17 comments

Recommended Learning For You

Level up your skills with Atlassian learning

Learning Path

Jira Software Fundamentals

Jira Software

New to Jira Software? These short, self-paced courses will teach you what you need to know to get up and running quickly.

2.8h Beginner
Free

The Beginner's Guide to Agile in Jira

Jira Software

Learn what agile, kanban, and scrum are and how agile works in Jira Software.

1.5h Beginner
Free

Realizing the Power of Jira Reporting and Dashboards

Jira Software

Use out-of-the box reporting and dashboard capabilities to view and assess progress and bottlenecks within projects.

1.5h Intermediate
On Demand

Comment

Log in or Sign up to comment
Richard McMillan
Richard McMillan May 6, 2019

My clicky finger is hanging from a tendon.

Like # people like this
Manuel Jaeger
Manuel Jaeger June 13, 2019

Thank you for this article.. helped me a lot!

Like
Robertas Bastys
Robertas Bastys September 12, 2019

Excellent post

Like
Martin Kennedy
Martin Kennedy September 16, 2019

Finally, the source I was desperately looking for. Thank you kindly for this article.

Like
Michael Royle
Michael Royle October 24, 2019

Thank you - been struggling with this a while. A really easy process to follow :)

Like
Deborah Dean
Deborah Dean January 24, 2020

Great article. One question, what do I change in the above steps if I want to give the clients access to create tasks in the one specific project I give them access to? Thanks

Like Andrew Dunne likes this
Jens Strobel
Jens Strobel March 13, 2020

Same question: I want to give the clients access to create tasks in the one specific project I give them access to?

Like # people like this
Limor Hader
Limor Hader August 6, 2020

The ONLY post that helped me understand this annoyingly complex topic. THANK YOU!

Like Chris Choy likes this
Chris Choy
Chris Choy August 12, 2020

As a new Atlassian administrator, I cannot thank you enough for posting this!!!

This is the only post that clearly goes over each step on how to properly set permissions restriction in Jira. This has been a real nightmare before reading this as all the other community posts were either out of date by several years or just convoluted at making a bunch of assumptions. 

Thank you! 

Like
Andrew Dunne
Andrew Dunne November 25, 2020

I have a similar question to @Deborah Dean and @Jens Strobel

 

How do I provide access to an external partner to create tasks etc in the one project I give them access to?

Like
Deleted user November 27, 2020

Hello, great post! Clearly explained!

I have been able to set permissions to view a specific project. 

However, I do not want the external user to see these options. How do I remove them from their view?

Screenshot from 2020-11-28 05.42.25.png

Screenshot from 2020-11-28 05.41.29.png

Thanks in advance

Babu

Like
Sama Bahjat
Sama Bahjat August 27, 2021

Good morning @Claudiu Lionte 

I am site admin and we are using jira cloud. I have created a couple of projects with the Company managed template. I have been able to achieve the following for our projects:

Step 1: I have created 2 new groups (Srcum Team, and Read Only/Client).

Step 2: I created a new scheme from the default software scheme. In this new scheme I replaced all of the instances of (Application access: Any logged-in user) with (Group: Scrum Team). Then I added (Group: Read Only) to the Browse Projects permission section only in the same scheme.

Step 3: I added all of our users who will be working on this project to the Scrum Team Group and I added the customer to the Read only/Client group 

Step 4: I applied the new scheme to our projects.

Important Note: after doing steps 1-4 above, I am part of the Scrum Team but was not able to view the project at all. Then I realized that there is one small step that is not mentioned in any of the articles that had come across (At least it was not clear to me as a beginner). That step was to add the product to any newly created groups so that those new groups that you create have user permissions on the Jira Software product. After I realized that I did step 5

Step 5: Go to Site administration → Groups and locate the newly created groups, click on one the newly created groups, then under the Group product access section click on add product. Select Jira Software and make sure this new group has a user permission role on the product. Repeat this process for any other newly created groups.

Now, steps 1-5 above gave me what I need using groups in my permission scheme to create a simple access control path on my projects.

The outstanding question I still have is: How do you perform the same thing but using project roles instead of Groups?

I have created the project roles and added them to my Scheme. The one step that I have not figured out yet is how to do steps 5 above for project roles. 

Please let me know what I am missing here. Once I hear from you I can share the big vision that I have for creating a good access control path for our different teams and their projects.

Thank you,

Sama

Like
Claudiu Lionte
Claudiu Lionte
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 27, 2021

To add clients the possibility of creating issues in that project, at Part 4, right after

"For the Browse Projects permission, also add Project role → Clients", you'll have to add Project role → Clients for the Create issues permission.

 

@Sama Bahjat If I understand correctly, your questions is around adding application access to those clients. Unfortunately, project roles cannot be used to grant application access to Jira. Application access can only be granted to a group so you'll have to put all the clients in one or more groups and give those groups access to Jira

Like
Sama Bahjat
Sama Bahjat August 27, 2021

@Claudiu Lionte 

if that is the case then I don't see how a project role can be successfully added to the scheme (as you have suggested to be a better practice than using groups). Am I missing something? I know I am, I just don't know what it is :)

Like
Marco Mangiante
Marco Mangiante December 17, 2021

Great; one question: is it possible to use this for unlicensed users? I need to give access to people that are not involved as developer in the project but I don't want to give them a license.

Like
Steve Zielinski
Steve Zielinski December 19, 2022

If you are wondering "Why does this work?" The explanation is this:

 

"Project roles are somewhat similar to groups, the main difference being that group membership is global whereas project role membership is project-specific."

(from https://support.atlassian.com/jira-cloud-administration/docs/manage-project-roles/?permissionViolation=true)

 

Notice what @Claudiu Lionte did NOT do. He did not put the clients in a group. He used project role membership.

If you put the clients in a group and then add the group to Browse Projects the clients will be able to see all the projects in the Projects drop down - you will not achieve allowing clients visibility of a single project.

By creating the new project role and adding the client to the project, in that role, Claudiu was using the fact that "project role membership is project-specific".

(And of course, you must remove the Any logged-in user because that would override the more specific permissions you are trying to implement.)

 

@Claudiu Lionteif you ever update this article, I suggest you name the new Project Role as: project_role_Client. This might help easy the natural confusion those of us who are new or infrequent admins have around groups and roles.

Like
Bas de Geest
Bas de Geest January 2, 2023

@Claudiu Lionte Awesome, exactly what I was looking for!

Like
Claudiu Lionte

Claudiu Lionte

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

35 accepted answers

144 total posts

View profile
groups-icon
New to Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events