Hi All,
I have 3rd parties listed as "Business Representative" in my Jira User management. A business representative is ideally allowed to view only the projects that they have been assigned to as a member.
However, I have now been made aware that they can see all the projects in the Jira system.
In the permission schemes I have checked and they are not allowed access. So I really don't know how to go about it. This is a data breach issue and needs to be addressed quickly. Thankful for any help I can receive.
Kind Regards,
Ruha
Thank you for your answer @Patricia Francezi. I did an investigation of the same page earlier and then, when I didn't find a solution, raised this query.
@Nic Brough -Adaptavist- Thank you for your response. I have just attached a screenshot to show that the role is not mentioned in "Browse project"
The issue is: any logged in user can browse projects.
Your user group is a logged in user, so they will be able to see every single project in your instance.
You need to refine your permission scheme, preferring to use the project roles I mentioned.
That's why I said there is no step by step solution; it will depend on how you would like your instance to run.
Yep, that's the one - "any logged in user" has "browse project". You'll need to revise that, exactly as @Patricia Francezi says.
You should prefer project roles, and set up your permission schemes based on project roles, so your business representative will have access to the project, and only the project, in which they are a member.
https://confluence.atlassian.com/adminjiracloud/managing-project-roles-776636382.html
There is no step by step solution for your case, but this is the way you need to investigate and apply.
Just to add to this, you say "In the permission schemes i have checked and they are not allowed access" - this statement is clearly incorrect. If you have people who can see a project, they are allowed access by the project's permission scheme.
Have another look and look at the users, groups, project roles and dynamic roles that are named in "browse project". You will find that your business users are named in there in at least one way.
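The check both answers describe (see who is named under "Browse Projects" in each permission scheme), as an added example that is not part of the original thread. It runs over a constructed JSON sample shaped like a Jira Cloud permission scheme export and flags grants that are not limited to project members. The scheme names, the group name and the reading of the `applicationRole` and `anyone` holder types are assumptions to confirm against your own instance.

```python
import json

# Constructed sample shaped like a Jira Cloud permission scheme export
# (GET /rest/api/3/permissionscheme?expand=permissions). All names are made up.
SAMPLE = json.loads("""
{"permissionSchemes": [
  {"id": 10000, "name": "Default Permission Scheme", "permissions": [
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "applicationRole"}},
    {"permission": "CREATE_ISSUES", "holder": {"type": "projectRole", "parameter": "10002"}}
  ]},
  {"id": 10001, "name": "Role-based scheme", "permissions": [
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "projectRole", "parameter": "10002"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "group", "parameter": "jira-software-users"}}
  ]}
]}
""")

# Holder types that are not tied to membership of a single project.
# Assumption: "anyone" is public access, and "applicationRole" with no
# parameter is what the UI shows as "Any logged in user".
INSTANCE_WIDE = {"anyone", "applicationRole"}

def audit_browse_grants(export, broad_groups=()):
    """Return (scheme name, holder type, parameter, reason) for every
    Browse Projects grant that exposes a project beyond its own members."""
    findings = []
    for scheme in export.get("permissionSchemes", []):
        for grant in scheme.get("permissions", []):
            if grant.get("permission") != "BROWSE_PROJECTS":
                continue
            holder = grant.get("holder", {})
            htype, param = holder.get("type"), holder.get("parameter")
            if htype in INSTANCE_WIDE:
                reason = "granted to every logged-in user or wider"
            elif htype == "group" and param in broad_groups:
                reason = "granted to a group the third parties belong to"
            else:
                continue  # project roles and other narrow holders are not flagged
            findings.append((scheme["name"], htype, param, reason))
    return findings

if __name__ == "__main__":
    # broad_groups: groups your third-party accounts are members of (hypothetical name)
    for name, htype, param, reason in audit_browse_grants(
            SAMPLE, broad_groups={"jira-software-users"}):
        print(f"{name}: {htype}({param}) -> {reason}")
```

Any scheme this reports is one where project membership is not what decides visibility, so every project using that scheme is readable by the accounts in question until the grant is replaced with a project role.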