Once you add users to a group and assign the group to a project role in a permission scheme, and then assign the permission scheme to a project, the users are supposed to have access to the project. Right ?
In my instance, on top of the above, I need to add the group/project role into the people section of the project settings in order for the users to get access to the project. That is not supposed to happen.
Anyone have a clue why this problem might happen ? thanks
Hello @Melanie Leclerc!
From what I understand, you don't need roles for what you're trying to achieve.
Project Roles (documentation) are meant to enable granular access configuration on a project per project basis. That is to say that you could grant a given role certain permissions in a permission scheme, and then use that same permission scheme in several projects, but the roles will allow you to say who, in the end, will actually have the permission, by assigning that role to someone in a given project.
For example, if Project A and Project B have the same permission scheme with the Browse Projects permission granted to the role "Users", but your user only has the "User" role in Project A, then you'll only be able to view issues in that project.
Have you tried adding the group directly into the permission scheme instead of assigning a role? Say that the group is called jira-users. Go to the permission scheme, click on Grant Permission, click Group, and search for the group in question. Then, verify that permission scheme is assigned to the Project you're looking to grant access to.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello, @Melanie Leclerc! How did it go with this alternative? I believe adding groups directly to the permission scheme would save you of having to also assign roles in the individual projects.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Adding a group in the permission scheme does not automatically add them to the project. Here is a good overview of how Jira permissions work.
If you look at that default permission scheme it allows anyone with application access to browse project and in that case you would not have to add them under People. But if you change your permission scheme so for example only the Users project role can browse the project, then you have to add either the user or the group users belongs to to that role under People. It all depends on how your permission scheme is set up if you have to add users to the project or not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Mikael Sandberg The permission scheme is good, with all the roles assigned to the right actions. Example under browse projects I have users, developers, QA, SM and PO... just for the sake of figuring out the problem. Then I go to people, remove qa group (and therefore QA role attached), and boom... my QA doesnt have access to the project anymore.
Is it a normal behavior ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
To bypass the problem I had to add all my groups in the people section for each project... It works, but I want to know why I need to duplicate permissions for this to work.
You have to know that our instance was heavily "managed" by previous company owners...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, that is normal behavior if you are using project roles/groups to limit the access. When you do that then you have to add user to the right roles under people.
The default permission scheme is basically set up so if you have access to the product then you have access to any projects.
I always recommend using project roles within the permission scheme whenever you can instead of groups. That allows the project admin(s) to manage who should have access to the project and what roles they should have, instead of having a Jira admin control it.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We've been told by Atlassian that it is not normal behavior for a company managed project. It would be only for Team managed project.
Anyhow, I did what Miguel suggested and that bypassed the problem.
Thanks for your collaboration :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.