You also need to make sure the users you are adding do NOT get additional access via another route. Such as "being in jira users" or "in other roles"

@Vera, I believe you should accept one of the other guys answers as the accepted answer, not your own comment that you can "work with this" :)

It's polite to accept the correct answers.

Nic, I don't see a check mark at your answer. I guess because it's a comment and not a ...? e.g. I see a checkmark at Andris' answers...

I understand you guys and I'm sorry. I got a message that I should close issues when it was resolved and I saw a grey checkmark and I clicked it.

I will try to do the right thing. I really didn't do it on purpose :-)

You can only mark Answers correct, not comments. Mark the answer at the top of a thread to indicate that a comment somewhere in the conversation solved it for you.

NOW I understand (what I did wrong (with my answering))

:-D

Thanks again ;-)

Thank you and no, that's doesn't sounds like a good way to do it.

I thought, maybe there was a combination of checkboxes in permission schemes or something like that where you could set a group of persons to just only viewing the issues in the projects. So, access to the project and viewing and nothing else.

So, I'm still wondering if it's possible :-)

I'm still not entirely sure what you're trying to acheive though. Anonymous access? Or certain users only able to read projects, with others able to do more

If it's the second, then yes, you can do it. You just need to edit your permission schemes and role membership so that the default access is "read only" and then you grant more power to people who actually need it (via roles ideally, as it's more flexible than groups)

Yes, the read-only option, sorry for the miscommunication.

But I can't find how to set it to read-only, I only see something about workflows to view-only in the Permission Scheme. Could you please help me a little bit more step-by-step?

No problem, it's quite hard to explain computers sometimes - I find paraphrasing very helpful when I'm exploring what people might mean, but even then I completely misunderstand what people are saying sometimes.

I can't really really step you through this process because it depedns on what you have configured already. I've kind of pointed you at what needs doing at a high level already, and I can't tell you more without knowing your setup.

However, when I take over Jira installations that need this type of thing, what I do is:

1. Check that the system uses the group "jira users" to say "This user is active and can log in".
2. Review how you want to allow access to projects (I'd recommend roles), and add everyone who currently needs access to their projects into the appropriate roles or groups so they'll be able to use it after the next step
3. Remove "jira users" from ALL permissions schemes, workflow usage, and, most importantly, roles in every project

This separates "can log in" from "can do all sorts of other stuff in assorted projects"

In your case, I'd also consider

• Adding a new role called "read only"
• Give that role "browse" in all your permission schemes.
• Think about putting jira-users into that role, but NO OTHERS.

(The slightly easier way to do this is actually to create a new group called something like "jira active users" or "jira logins", put everyone in it, then remove "jira users" from the global "can log in" permission)