Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Project available to users outside Project Role

Didier Lachere
Didier Lachere
Contributor
February 13, 2020

Hi guys,

 

I've spent way too many hours cracking my head around this and can figure it out so time to ask for help :D

 

OBJECTIVE 

Grant clients access to their Confluence Space and Jira projects only so they can contribute, document and sign off on requirements and tickets.

 

STEPS TAKEN

  • Created a new 'clients' group on Administration and assigned the user to this and ONLY this group. 
  • groups and accesses.png
  • Created a Jira 'Client' Project Role and assigned user to this role in specific projects only.project roles per user.png
  • Changed Jira permissions to add/remove all required groups and roles (including Browse Project).
  • Screen Shot 2020-02-14 at 11.49.01.png 

PROBLEM

When I log in to Jira as that user the Projects List display projects where user is not assigned to in any way.

 

Now, I know what you may be thinking "The user may be getting access to these projects through another groups or role or whatever"... but here is the strangest things:

- If I remove the Project Role permission for clients to Browse projects then I do not see ANY project.

- If I grant to permission to Browse Projects to just that user then they see ALL projects in our instance.

- Some of the project displayed to this user under current setup do not even have a Project Role assigned to them:

 

If I go to the "View Usage for Project Role: Client" on Jira Settings is where I think the issues is:

- I can see projects listed there with a number higher than 0 (view). However when I click on view there is no Project Roles assigned to them!!

 

Is this a bug? and if so why just in some random projects? How to resolve?

Answer
Watch
Like Be the first to like this
549 views

1 answer

0 votes
Johan Soetens _Dumblefy_
Johan Soetens _Dumblefy_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 13, 2020

Hello Didier,

it could be that other permission schemes make use of Application access for project permissions.

Other default access groups (screenshot only shows group Clients) could have been granted to the projects when they were created.


Have you tried the Permission helper?

View More Comments
Didier Lachere
Didier Lachere
Contributor
February 16, 2020

Hi @Johan Soetens _Dumblefy_ thanks for the answers.

 

it could be that other permission schemes make use of Application access for project permissions.

As far as I understand it a project can only have ONE permission scheme assign to them right?

So following that logic and with the provided rules of the assigned permission scheme there should not be any effect form other system schemes to these projects....  (plus all out project share the same Permission Scheme)

 

Other default access groups (screenshot only shows group Clients) could have been granted to the projects when they were created.

This may make a bit of sense and happy to explore this further.... but... is there a way to change these? Haven't find anywhere on Project permission around this..

Like
Didier Lachere
Didier Lachere
Contributor
February 16, 2020

Further more after doing some debugging using the Permission helper (pretty good tool I was not aware of thanks).

 

What I see is "User XXXX is a member of the Client project role"... However, that specific Project has no assignation on Project Roles under 'People' tab...

 

So, unless I completely misunderstood the usage of Project Role, isn't this a bug where is a user is assigned to that Role (in another project) it then gets permission to ANY project that has a user assigned to that Role (even if not the same user)?

 

My understanding is that a user assign to a Role in a project only gets permissions of that Role in the specific project he is setup and not others... 

Like
Johan Soetens _Dumblefy_
Johan Soetens _Dumblefy_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 16, 2020

Hi Didier,

if I understood correctly you created a group clients and project role Client.
This project role was then used in your permission scheme which is used in most to all projects.

The result of permission helper is indicative that you haven't granted the group clients to the project role in a project.

The default members for your Client project role should include group clients.

Even when this group clients is added, the caveat here is that this would only have affected newly created projects.

All existing projects will need to you to add group clients to the project role (Project settings > People).

Like
Didier Lachere
Didier Lachere
Contributor
February 17, 2020

Hi @Johan Soetens _Dumblefy_ seems we deviated a bit form the actual issue... let try to summarise this better:

Group 'Clients' only used to group licenses in our instance. There is no mentions or usage of this under our Permission Scheme. Here we add ALL our clients accounts...

 

Project Role 'Clients' is the one we have associated to our Permission Scheme to be used.

 

- If we associate the group to a Role then ALL clients would get access to that project which is not what we want.

- Instead we simply assign specific clients users to that role for the specific project so the gain whatever permission we have defined on the Permission Scheme.

 

Again, this is all working as expected except for some random projects showing to our clients where there is nor Project Rola allocation at all.

 

The permission helper for those random project says the user is assigned to the 'Clients' Project Role which is not true... that is where things are wrong.

 

If I change the Permission Scheme to remove Browse Project to the 'Client' Project Role then use does not see ANY project which confirms the problem is just on that Project Role allocation right?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.