We use Jira for our internal projects as well as to coordinate with some outside vendors. By default, we used groups and permissions to so that new "classic" projects are accessible to all internal users (jira-software-users group), and groups of outside vendors (each vendor with their own group) would be added to specific projects as necessary.
With next-gen projects this is broken. We only have "open," "limited," and "private" as permission options for next-gen projects. Both "open" and "limited" allow viewing for all users, with no way that I can find to block specific users/groups. So the only option remaining is private, which means that every specific user has to be invited. As far as I can tell there's no way with next-gen projects to allow our pre-existing permission scheme.
Right now I've had to disable next-gen projects entirely as individual users are creating them and not locking down the permissions appropriately to block outside people.
Thank you for getting in touch with Atlassian Community!
Currently, it's not possible to manage permissions on next-gen projects. We have a feature request suggesting the implementation of this ability:
In line with our Feature Request Policy, we'd suggest you vote for it as well as setting yourself as a watcher in order to hear about updates on the development cycle.