
How to restrict a user who can only access a specific project

Eitan yomtovian
Contributor
January 28, 2019

Hello,

I created 2 new users on the system and then added them to a specific group.
The same group was assigned to a particular project by defining the group in Project Permissions in the Permission type: Browse Projects.

The problem is when I go through one of these users I can really only expect a specific project that I defined but without an option to update tasks.

What am I not doing right?

Regards,

Eitan.

1 answer

1 accepted

1 vote
Answer accepted
Joe Pitt
Community Champion
January 28, 2019

First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone who can log on to do just about everything.

JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to log on (see Global permissions to see the "can use" groups and admin groups). This is where users are getting the access from.

  1. The FIRST thing you need to do to get control is to remove any groups with logon privileges from the permission scheme, unless you absolutely want everyone to have that permission.
  2. Then I suggest you set up Project Roles for the various functions like tester, QA, Browse Only, etc.
  3. By using roles, one permission scheme will cover all projects. The project admin controls project role membership.
  4. If the project leads want everyone who can log on to have access to the project, they can add the logon group to a project role with the desired permissions.

This may be a big effort, but it will pay off down the road by making it easy to control access.

Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.
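An added example (not part of the original thread and not Atlassian code) that audits a permission scheme along the lines of the answer above: it lists grants that reach everyone who can log on, and finds holders that were given only Browse Projects, which is the situation described in the question. The scheme data, its JSON shape, the permission keys and the `Testers` role are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample. Shape is an assumption modelled on a permission scheme
# export: each grant pairs a permission key with a holder (group, role, anyone).
LOGIN_GROUPS = {"jira-software-users"}  # groups with the global "can use" right
SCHEME = {"name": "constructed-example", "permissions": [
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "group", "parameter": "jira-software-users"}},
    {"permission": "EDIT_ISSUES", "holder": {"type": "group", "parameter": "jira-software-users"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "group", "parameter": "MINT"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "projectRole", "parameter": "Testers"}},
    {"permission": "EDIT_ISSUES", "holder": {"type": "projectRole", "parameter": "Testers"}},
]}

def holder_key(grant):
    """Return (holder type, holder name) for one grant."""
    holder = grant["holder"]
    return (holder["type"], holder.get("parameter"))

def broad_grants(scheme, login_groups):
    """Grants that reach everyone who can log on (login group or 'anyone')."""
    found = []
    for grant in scheme["permissions"]:
        kind, name = holder_key(grant)
        if kind == "anyone" or (kind == "group" and name in login_groups):
            found.append((grant["permission"], kind, name))
    return found

def browse_only_holders(scheme, needed=("EDIT_ISSUES",)):
    """Holders that can browse a project but lack the permissions in `needed`."""
    held = defaultdict(set)
    for grant in scheme["permissions"]:
        held[holder_key(grant)].add(grant["permission"])
    return {
        key: sorted(set(needed) - perms)
        for key, perms in held.items()
        if "BROWSE_PROJECTS" in perms and not set(needed) <= perms
    }

if __name__ == "__main__":
    for perm, kind, name in broad_grants(SCHEME, LOGIN_GROUPS):
        print(f"remove or move to a role: {perm} -> {kind}:{name}")
    for (kind, name), missing in browse_only_holders(SCHEME).items():
        print(f"{kind}:{name} can browse but is missing {missing}")
```
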

Eitan yomtovian
Contributor
January 29, 2019

Hi Joseph,

Thank you very much for the detailed answer.

I created a group (I called it MINT) and defined it in the permissions section - Browse users and groups, and removed the users from the group of other users in the system (Jira-software-users). But after that, they can really access a specific project but do not update the tasks.

Image to illustrate an external user's permission:

1.png

What can I do, or what am I doing wrong?

Thanks,

Eitan.

Eitan yomtovian
Contributor
January 29, 2019

Thanks, I succeeded!

I would just have to set up another group for my company and define the permissions of all the projects in my company's group and remove the option of "log in by each user".

Eitan.
