Restricting user access to only one project and one issue type

Pravin Patil
Contributor
March 15, 2019

I have 34 projects (including a project named "Project-S"). They are sharing the default permission scheme.

The default permission scheme is set up in such a way that it gives "Any logged in user" permissions to "Browse Project" and a few more permissions.

Project-S has 3 issue types: "Task", "bug" and "Story".

Now my scenario is, I want to grant user-1 access only to "Project-s" project, and only to "Task" and "Story".
User-1 should not be able to see the remaining 33 projects.

User-1 should not be able to see the "Bug" issue type in project "project-s".

If I create a new permission scheme for project "project-s" and allow only selected people to access it (including user-1), will user-1 still be able to see other projects, since those projects have "Any logged in user" permission for "Browse Project"?

Also, within the (Project-s) project, how can I allow user-1 to not see the "Bug" issue type but still see "Task" & "Story"?

I am on Jira server v7.12

2 answers

0 votes
Joe Pitt
Community Champion
March 16, 2019

To build on @[deleted] 

JIRA permissions

First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone that can log on to do just about everything.

JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to log on (see Global permissions to see the "can use" groups and admin groups). This is where users are getting the access from.

  1. The FIRST thing you need to do to get control is to remove any groups with logon privileges from the permission scheme, unless you absolutely want everyone to have that permission.
  2. Then I suggest you set up Project Roles for the various functions like tester, QA, Browse Only, etc.
  3. By using roles one permission scheme will cover all projects. The project admin controls project role membership.
  4. If the project leads want everyone that can log on to have access to the project, they can add the logon group to a project role with the desired permissions.

This may be a big effort, but it will pay off down the road by making it easy to control access.

Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.

Deleted user March 16, 2019

As an ‘old timer’ I approve this message 😀

Pravin Patil
Contributor
March 18, 2019

Thank you Danny and Joseph for your responses.

Since all 34 projects share the default permission scheme, with "Browse project" permission granted to any logged-on user, I will have to create a separate permission scheme for each of the 34 projects. These permission schemes should be based around roles. Project admins can add and remove users from the roles, so I don't have to worry about access to the projects.

Hope I am correct until here.

Once each project has its own permission scheme, I use the "issue-filter add-on" to block a particular issue type for a role, OR use an "Issue Security Scheme" at the individual issue level.

Does that sound like a good approach?

0 votes
Deleted user March 15, 2019

Hi @Pravin Patil

You need to set up project roles and create a new permission scheme that references the project role. 

You could set the browse permission to a number of project roles instead of any logged in user; this will fulfil your requirement to have user-1 only access project-S. Add user-1 to one of the project roles.

Next, you could use the issue filter addon to restrict which issues are available to each project role.

Hope this helps 

Pravin Patil
Contributor
March 15, 2019

Thank you for the quick response.

#1:

If I create a new permission scheme for project "project-s" and allow only selected roles to access it (including user-1), will user-1 still be able to see other projects, since those projects have "Any logged in user" permission for "Browse Project"?

#2:

Does Issue security Scheme work at individual issue level or at Issue type level?

Deleted user March 15, 2019

Hi @Pravin Patil

You need to change the browse permission to only allow the project role, not any logged in user.

Issue security schemes work at the individual issue level but do not stop a user who has access to a project from creating all the issue types in that project. Therefore the addon would be best placed to fulfil your requirement.

Hope this helps 
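The grant-only behaviour discussed in this thread, worked through as a small model (an added example, not written by any of the posters and not Jira's code or REST API): it shows which projects user-1 can browse at each stage of the change. The holder tuples, the role name `Users` and the project names `P01` to `P33` are constructed for illustration.

```python
# Simplified model of grant-only permission checks. Constructed data;
# this is not Jira's code or its REST API.
ANY = ("any_logged_in",)

def can_browse(user, project, schemes, scheme_of, role_members):
    """True if any Browse grant in the project's scheme matches the user."""
    for holder in schemes[scheme_of[project]]["BROWSE_PROJECTS"]:
        if holder == ANY:
            return True
        if holder[0] == "role" and user in role_members.get((project, holder[1]), ()):
            return True
    return False  # no matching grant means no access; there is no "deny" entry

def visible(user, schemes, scheme_of, role_members):
    """Projects the user can browse, sorted by name."""
    return sorted(p for p in scheme_of
                  if can_browse(user, p, schemes, scheme_of, role_members))

def open_schemes(schemes):
    """Schemes that still hand Browse to every logged-in user."""
    return sorted(n for n, s in schemes.items() if ANY in s["BROWSE_PROJECTS"])

def scenario(step):
    """step 0: all projects share the default scheme;
    step 1: Project-S alone gets a new role-based scheme;
    step 2: the default scheme is also switched to a project role."""
    others = ["P%02d" % i for i in range(1, 34)]          # the other 33 projects
    schemes = {"default": {"BROWSE_PROJECTS": [ANY]}}
    scheme_of = {p: "default" for p in others + ["Project-S"]}
    role_members = {("Project-S", "Users"): {"user-1"}}   # hypothetical role name
    if step >= 1:
        schemes["project-s"] = {"BROWSE_PROJECTS": [("role", "Users")]}
        scheme_of["Project-S"] = "project-s"
    if step >= 2:
        schemes["default"]["BROWSE_PROJECTS"] = [("role", "Users")]
    return schemes, scheme_of, role_members

if __name__ == "__main__":
    for step in range(3):
        schemes, scheme_of, role_members = scenario(step)
        seen = visible("user-1", schemes, scheme_of, role_members)
        print("step", step, "-", len(seen), "projects visible;",
              "schemes open to all:", open_schemes(schemes))
```

In the model, giving Project-S its own scheme (step 1) changes nothing for the other 33 projects; user-1 loses sight of them only once the shared scheme stops granting Browse to every logged-in user (step 2).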
