How to allow user(s) to access only specific projects

This article details how to manage user permissions in Jira at both instance and project levels, with specific strategies for team-managed and company-managed projects. It covers setting global permissions, managing project permissions, and best practices for controlling project access.

 

Analysis

In Jira, we don't have a way to "restrict" access to the users (unless you want to restrict issue by issue). Users either have permission or not. So, if you don't want a user to do something, you just need to not give them this permission. We have two levels of permissions: instance permissions (permissions to create or delete projects, boards, share filters, invite users, etc.) and project permissions (permission to access the project and see its issues, edit the issues, close issues, etc.).

Instance level

The instance permissions are given through the Global Permission page, which you access here:

Project Level

The permissions related to the projects are given in the project settings.

Team-Managed Project

Company-Managed Project

 

Learn more about the difference between company-managed and team-managed projects.

Note that Company-Managed projects can share permission schemes. In these schemes, the permission that provides access to the project and its issues is "Browse Project." These permissions can be applied to single users, Groups, and Project Roles.

 

Solution

For Team-Managed Projects

Just make sure that all Team-Managed Projects have the Access set as Private and add the user only in the desired projects:

For Company-Managed Projects

1. Use Project Roles for Specific Project Access

• Assign to Project Role: The most straightforward way to give a user access to a specific project is by utilizing project roles. Assign the user to a role within the project that has the permissions necessary for their work.
• Navigate to your project settings.
• Select "Users and roles" or a similar option (terminology might vary slightly between Jira versions).
• Add the user to the appropriate role (e.g., "Developer", "Project Manager") that aligns with their required access level.
• Configure Permissions: Ensure that the project’s permission scheme is configured so that the roles have the appropriate permissions. This is crucial because a role only provides the access defined in the permission scheme of each project.

2. Limit Use of Groups for Specific Project Access

• Avoid Broad Groups: Avoid adding the user to a group that has wide-ranging access across multiple projects unless it's necessary for their role within the organization. Groups are better suited for broader access needs or organizational-wide permissions.
• Strategize Group Use: If the user needs certain global permissions or access to Jira functionalities outside the project scope (like accessing a global dashboard), then assigning them to a relevant group in addition to their project role might be necessary.

3. Make sure that the permission “Browse Project” is not given to “Any logged in user” or “Public” in the permission schemes. The first one allows all users from your instance to access the project, and the second one allows anyone with the link (even non-members of the instance ) to access it.

 

Summary

If the Browse Project permission in your permission schemes is given only to Project Roles, you need to assign the user to the role only in the desired project. If groups are applied, make sure that the user is not a member of any of these groups and apply a project role to them. And, maybe the most important thing, make sure that the permission “Browse Project” is not given to “Any logged-in user” or “Public” in any of the permission schemes.