Permissions vs people - company managed project

Melanie Leclerc March 27, 2024

Once you add users to a group and assign the group to a project role in a permission scheme, and then assign the permission scheme to a project, the users are supposed to have access to the project. Right ?

 

In my instance, on top of the above, I need to add the group/project role into the people section of the project settings in order for the users to get access to the project. That is not supposed to happen.

 

Anyone have a clue why this problem might happen ? thanks

2 answers

1 accepted

2 votes
Answer accepted
Miguel Ramon
Contributor
March 27, 2024

Hello @Melanie Leclerc!

From what I understand, you don't need roles for what you're trying to achieve.

Project Roles (documentation) are meant to enable granular access configuration on a project per project basis. That is to say that you could grant a given role certain permissions in a permission scheme, and then use that same permission scheme in several projects, but the roles will allow you to say who, in the end, will actually have the permission, by assigning that role to someone in a given project.

For example, if Project A and Project B have the same permission scheme with the Browse Projects permission granted to the role "Users", but your user only has the "User" role in Project A, then you'll only be able to view issues in that project.

Have you tried adding the group directly into the permission scheme instead of assigning a role? Say that the group is called jira-users. Go to the permission scheme, click on Grant Permission, click Group, and search for the group in question. Then, verify that permission scheme is assigned to the Project you're looking to grant access to.

Screenshot 2024-03-27 182029.png

Melanie Leclerc March 27, 2024

Thanks for your insight Miguel, I will test this out.

Miguel Ramon
Contributor
March 28, 2024

Hello, @Melanie Leclerc! How did it go with this alternative? I believe adding groups directly to the permission scheme would save you of having to also assign roles in the individual projects.

Regards, 

Melanie Leclerc March 28, 2024

Hey @Miguel Ramon ,

 

That worked! thanks much for your insights.

0 votes
Mikael Sandberg
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 27, 2024

Adding a group in the permission scheme does not automatically add them to the project. Here is a good overview of how Jira permissions work.

If you look at that default permission scheme it allows anyone with application access to browse project and in that case you would not have to add them under People. But if you change your permission scheme so for example only the Users project role can browse the project, then you have to add either the user or the group users belongs to to that role under People. It all depends on how your permission scheme is set up if you have to add users to the project or not.

Melanie Leclerc March 27, 2024

You are referring to Miguel's comment right ?

 

Melanie Leclerc March 27, 2024

@Mikael Sandberg The permission scheme is good, with all the roles assigned to the right actions. Example under browse projects I have users, developers, QA, SM and PO... just for the sake of figuring out the problem. Then I go to people, remove qa group (and therefore QA role attached), and boom... my QA doesnt have access to the project anymore.

Is it a normal behavior ?

Melanie Leclerc March 27, 2024

To bypass the problem I had to add all my groups in the people section for each project... It works, but I want to know why I need to duplicate permissions for this to work.

You have to know that our instance was heavily "managed" by previous company owners...

Mikael Sandberg
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 27, 2024

Yes, that is normal behavior if you are using project roles/groups to limit the access. When you do that then you have to add user to the right roles under people.

The default permission scheme is basically set up so if you have access to the product then you have access to any projects. 

I always recommend using project roles within the permission scheme whenever you can instead of groups. That allows the project admin(s) to manage who should have access to the project and what roles they should have, instead of having a Jira admin control it.

Melanie Leclerc March 28, 2024

We've been told by Atlassian that it is not normal behavior for a company managed project. It would be only for Team managed project.

 

Anyhow, I did what Miguel suggested and that bypassed the problem.

 

Thanks for your collaboration :)

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events