Hey Boris,

Thanks for confirming I am on the right track. I thought i had successfully ripped it out as you suggested but certainly not the case. 

I've cleaned out the Global Permissions thikning that would do it. Is there somewhere else I need to look?

Troy

Uh, you want it to remain in the JIRA Users global permission. Other than that you need to pull it from roles and permission schemes.

For the most part I am still configured right out of the box but, I feel like I am missing something in your explanation.

If I can lean on you a little further.....

I created new groups in Global permions and added users into those while removing the jira-users from them. I see the Project Users role in my project which has jira-users in it. If I understand you correctly I should pull the jira-users group from the Users role in the project? When I do that I break pretty much every other users access to the project.

I am suspecting that I am missing correctly removing permissions associated to the jira-users group but I simply cannot find them? Any suggestions?

Unless you want absolutly everyone who can logon to have access to your project do not use the jira-user group. You can not REMOVE access via the permission scheme, only give them. So you can give jira-users browse permission, but not give them edit or create. 

You can use a security scheme that is applied on an issue by issue basis to limit access, although you can make it apply to all issues. But that happens after the issue is created. 

Joe and Boris, thanks so much for the help. I finally got to exactly where I needed to be.

More questions coming but they will be in other threads.

Either of you heading to Summit?

Yup, I will be there. Feel free to reach out if you need anything.