Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why can restricted permission scheme users see projects they're not added to on the create modal?

Jonathan Ward
Jonathan Ward March 3, 2023

This is a serious issue when you work with teams that you don't want to have visibility of all your projects.

 

Any user with access to our Jira Software can click create from the header navigation and see a full list of projects to choose from within the project select dropdown option.

 

This is a major data security issue in terms of allowing users to view projects they're not explicitly added too within the permissions schemes.

Answer
Watch
Like Be the first to like this
317 views

3 answers

2 accepted

3 votes
Answer accepted
Petr AST
Petr AST
Contributor
March 3, 2023

Hi @Jonathan Ward 

Can you please check "Create issue" permission and remove everyone except project participants. In this case, the project will disappear from the selection list for the rest when creating a task

View More Comments
Jonathan Ward
Jonathan Ward March 6, 2023

It was the default software scheme that had access to all logged in users enabled on create issues. Frustrating but thanks for assisting.

Like
Reply
1 vote
Answer accepted
Joe Pitt
Joe Pitt
Community Champion
March 3, 2023

Sounds like they are in a group that has permission. I don't know about Cloud, but in the server version by default everyone who has an ID is in a group given access to all projects. 

View More Comments
Jonathan Ward
Jonathan Ward March 6, 2023

It was the default software scheme that had access to all logged in users enabled on create issues. Appreciate you trying to assist.

Like
Reply
0 votes
Trudy Claspill
Trudy Claspill
Community Champion
March 3, 2023

Hello @Jonathan Ward 

Welcome to the Atlassian community.

Have you confirmed that the users don't have the Browse Permission for Company Managed projects they should not be able to see? If you have Team Managed projects also, then the Project Access on those projects needs to be set to Private.

View More Comments
Jonathan Ward
Jonathan Ward March 6, 2023

The issue was all logged in users permission on default software scheme.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security