Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to limit creation of "Team-managed" projects to Private only

Tomasz Cholewa
Tomasz Cholewa
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 23, 2022

Is there any way to force creation of "Team-managed" projects to Private only on Jira Cloud?

Answer
Watch
Like # people like this
1752 views

3 answers

1 accepted

1 vote
Answer accepted
Mark Segall
Mark Segall
Community Champion
August 23, 2022

Hi @Tomasz Cholewa and welcome to the community!

Unfortunately no.  I've found when I want guard rails around team-managed projects, the best approach is to lock down ability to create them:

  1. Navigate to YOURINSTANCE.atlassian.net/secure/admin/GlobalPermissions!default.jspa
  2. Delete the Create Team-Managed Projects permission
  3. Re-add the Create Team-Managed Projects permission with the appropriate group(s) you wish to enable

Of course, this is assuming that users don't need to create team-managed projects that frequently as this could create unanticipated overhead on your Jira Admins.

The other option is to set up an automation that notifies you and/or other Jira admins every time a project is created so that you can do a quick spot check to ensure access was configured appropriately.  If you're familiar with the Jira API, you could get more complex with the rule and have it check for team vs company-managed and only notifies on team managed.

View More Comments
Tomasz Cholewa
Tomasz Cholewa
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 24, 2022

Thanks, we done this more-less your way earlier. Need to check Jira API. Thanks!

Like
Reply
0 votes
Hope Man
Hope Man
Contributor
February 8, 2024

I actually managed to create an automation that sends me and the creator of the team-managed project a warning email only if a team-managed project with open access was created. It wasn't easy. Can't share as I'm not at work. Some templates seem to still create the project with open access, others were changed (I think).

If anyone is interested I can share next week.

 

View More Comments
Nataliia Sosnovshchenko
Nataliia Sosnovshchenko
Contributor
July 1, 2024

Would be great if you could share the script & automation rule setup, I'm facing the same issue.

Like
Hope Man
Hope Man
Contributor
July 4, 2024

This is how I did it.
Basically it checks if a licensed user that I created (account needs site access and possibly a Jira Software license) specifically for this automation has the browse permissions on a newly created team-managed project.

It seems like "project.simplified" is always true for team-managed projects, so I just used that for the lack of a better indicator but I think you could just remove that if condition completely and it should work.

I did this more than a year ago, so there might be better ways now.

Screenshot 2024-07-04 110125.png

 

Like Nataliia Sosnovshchenko likes this
Milos Pavlovic
Milos Pavlovic
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 31, 2024

@Hope Man This is great, thank you.

Can you please elaborate on values for accountId and the second webResponce?

I'm having a hard time understanding the logic. Tried a few things, but getting errors. 

Thank you very much in advance.

Miloš

Like
Hope Man
Hope Man
Contributor
July 31, 2024

AccountId is the Account ID of a user that was created just for this automation. The only thing this account has is a Jira Software license.

I'm calling a Jira REST API query in the "Send web request" block to check if this account can browse/view this newly created project (I'm using my own admin account's access token as authentication).

Then I get a response with a code and a body. 200 is code for "ok", which means there were no errors.

Then I I get the body and check if it contains the above accountId.

If yes, then I send an email to the user that created the project (and me as a Jira admin), because it means the project was created with open access settings since somehow a user with only a Jira Software license has the BROWSE_PROJECT permission for this new project (this only happens if the access settings are set to "open" or the account was specifically added to the project's permissions).

It's possible that there are better ways to do this now. Saw a bunch of REST v2 and v3 call candidates that I may or may not have tried when I attempted to create this automation a year or so ago.

 

 

 

Like Milos Pavlovic likes this
Reply
0 votes
Jack Brickey
Jack Brickey
Community Champion
August 23, 2022

You cannot do this. If you allow the creation of TMP projects in your instance than anyone can create a project and they can control access themselves. 

View More Comments
Hope Man
Hope Man
Contributor
March 29, 2023

Well that's fine if you had the ability to make "private" the default setting, yet the default is "open", which is a big problem.

Close to a year later and it still a security issue, unless you can tell me how to do it.

Like # people like this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.