Hi All,
I need some help/ideas about fixing a problem I see in my Jira Cloud instance:
We have a project that needs to grant a 3rd party company access to a specific project in our Jira instance. I've created a group for them, provided them with the necessary permissions, and added the group to the project.
Before I sent it live to the externals, I added myself into the group using an external email address so I could test the security. Logged in, and found I can access every project in our Jira instance - this is frustrating!
What I have noticed during my investigation is that all projects in our instance have the Anyone logged in Access permission turned on in the Project share screen.
Is this what is causing the problem or am I missing something?
Before you suggest changing the permissions for the projects to prevent Anyone logged in from having access: currently, this is not a possibility, although it has been raised to management.
Is there potentially another solution?
Any suggestions would be greatly appreciated.
Phil
Hi @Phil Borrell,
Your analysis is correct. If you want to grant selected access to specific projects and not to others, there is no other way than removing any logged in user from the browse project permission in your permission schemes.
And obviously that would entail you need to replace that with e.g. a group that holds all your internal users and not the external ones. That is a change, but I don't see why management would have any objections against that.
@Walter Buggenhout Thanks for confirming my fear, much appreciated.
Management is against it because it's not currently a priority.
But that's up to them!
Welcome to Community! First of all, it's not scalable to use groups in the Permission scheme, the reason being that it becomes a nightmare to manage down the road and the overhead becomes bulky. Instead, opt to use project roles, which work better on a per Project basis rather than globally with groups.
Coming back to your question, you've got something going on there. Any logged in user is a terrible idea on any Project. It means that no project can be confidential and any employee within the Organization can see what's happening on other projects even though they are not involved in it. Your management should quickly revoke this Permission and switch to Project roles instead. I see no reason why it is not possible except there's another reason behind such; which to me, I think it's not very bright.
What I would suggest is for you to get a report on what your Projects currently look like, who has access to what project, which groups are assigned to what user and what project roles exist in each project in respect to the roles given to the users within the project. That would give you a thorough idea of what's going on and how to remedy the situation. Most probably, you can bring this up to the Management and provide a factual basis why things should change the way you see it. A lot of security issues might arise as a result of a poorly managed permission scheme, which if not managed properly is a hassle to the business as a whole.
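The report suggested in the answer above can start from the permission schemes themselves. The following is an added example, not part of the original thread: it scans permission-scheme data shaped like the Jira Cloud REST response of `GET /rest/api/3/permissionscheme?expand=permissions` and lists the projects whose scheme grants Browse Projects to every account. The scheme data, project keys and group name are constructed, and reading an `applicationRole` holder without a parameter as "Any logged in user" is an assumption.

```python
# Constructed sample, shaped like the "permissionSchemes" array returned by
# GET /rest/api/3/permissionscheme?expand=permissions (Jira Cloud).
SCHEMES = [
    {"id": 10000, "name": "Default Permission Scheme", "permissions": [
        {"permission": "BROWSE_PROJECTS", "holder": {"type": "applicationRole"}},
        {"permission": "CREATE_ISSUES", "holder": {"type": "anyone"}}]},
    {"id": 10001, "name": "Vendor Project Scheme", "permissions": [
        {"permission": "BROWSE_PROJECTS",
         "holder": {"type": "group", "parameter": "external-vendor"}}]},
    {"id": 10002, "name": "Public Docs Scheme", "permissions": [
        {"permission": "BROWSE_PROJECTS", "holder": {"type": "anyone"}}]},
]

# Constructed mapping of project key -> permission scheme id.
PROJECT_SCHEMES = {"OPS": 10000, "HR": 10000, "VENDOR": 10001, "DOCS": 10002}


def broad_holder(holder):
    """Return a label if the holder covers every account, else None."""
    kind = holder.get("type")
    if kind == "anyone":
        return "Public (anonymous)"
    # Assumption: an applicationRole holder with no parameter is how the
    # API represents "Any logged in user".
    if kind == "applicationRole" and not holder.get("parameter"):
        return "Any logged in user"
    return None


def audit(schemes, project_schemes, permission="BROWSE_PROJECTS"):
    """Map each exposed project key to the broad grants its scheme carries."""
    broad = {}
    for scheme in schemes:
        for grant in scheme.get("permissions", []):
            label = broad_holder(grant.get("holder", {}))
            if grant.get("permission") == permission and label:
                broad.setdefault(scheme["id"], set()).add(label)
    return {key: sorted(broad[sid])
            for key, sid in sorted(project_schemes.items()) if sid in broad}


if __name__ == "__main__":
    for key, labels in audit(SCHEMES, PROJECT_SCHEMES).items():
        print(f"{key}: Browse Projects granted to {', '.join(labels)}")
```

Projects missing from the result, such as the constructed `VENDOR` project, are the ones whose Browse Projects grant is already limited to a named group or role.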
Thanks for the info, much appreciated.
I won't go into details as to why the company has set Jira up this way, but I have informed them of the dangers of doing this.
Phil