JIRA permissions

First, by default JIRA has a horrible permission scheme that violates security best practices by allowing everyone that can logon to do just about everything.

JIRA works by GRANTING access. You can't restrict access. By default, it grants access to the group used to logon (see Global permissions to see the "can use" groups and admin groups).  This is where users are getting their access.

1. The FIRST thing you need to do to get control is to remove any groups with logon privileges from the permission scheme unless you absolutely want everyone to have that permission.
2. Then I suggest you setup Project Roles for the various functions like, tester, QA, Browse Only, etc.
3. By using project roles, one permission scheme will cover all projects. The project admin controls project role membership
4. If the project leads want everyone that can logon access to the project they can add the logon group to a project role with the desired permissions.

This may be a big effort, but it will pay off down the road by making it easy to control access.

Most of the 'old timers' use project roles. It meets the best practice for security and gives complete control to the project lead for access to their project. JIRA comes with many project roles, but you can add more if you have a special need.

Hello,

You can go in project settings on the project. Go in "user and roles" and add the user as a "user" of the project.

Or you can edit "Permissions" on the project to allow this user specifically to execute certain actions on the project.

Regards,

Hello @Gonzalo Fernández Durán ,

I suggest you to work with groups on projects.

In my case, for each project that I created, no one from my team/external clients can see the project. why ? because I made different permission scheme for each project plus groups for users and external clients ( if needed). I`ll give you an example: 

I created the following:

"Project 1"

"Project 1 Group"

"Project 1 External clients group"

After is created each project has set by default a permission scheme. In my case, I created a permission scheme which is set by default for each newly created project with restricted permissions. I removed "Any logged in user" from each permission. 

Added the groups to "Browse Project" so they can see it, and after that I gave access to the groups as I needed.

Creating two different groups helped me because users (developers in my case) have a little bit more permissions than external clients who only watch the issues/progress or whatever you decide with them.

So, creating the external clients groups helped me to not have problems with missing issues ( deleted by mistake) or many other stuff like that.

Or, another suggestion is to create a group of "Managers" and give to this group the advanced permissions you want to each project and in this group add any user you want to have different and more permissions than regular users. 

Good luck, hope this was helpful.