Skip to content
Home » Blog » Using Jira Permission Schemes to Restrict Project Access

Using Jira Permission Schemes to Restrict Project Access

In this tutorial, we look at using Jira Permission Schemes to restrict project access in Jira Cloud.  This can be an important step in establishing Jira as a closed system in a regulated environment.

By default, Jira projects are accessible to any logged in user of the Jira site.  This level of access may be sufficient for smaller companies and teams, because logged in users are (obviously) authenticated.  However, larger organizations most certainly need further restrictions for project access.  It can be problematic for Part 11 compliance (and other regulations) if large numbers of users have access to edit your records.

NOTE:  Permission schemes cannot be edited in free subscriptions to Jira.  The strategies in this tutorial require a Standard subscription or higher.  If you’re using a free subscription, please take a look at my tutorials for restricting users with workflow properties.

Configuring Company-managed Projects

  1. Go to Settings –> System –> Project roles.
  2. Select to create a new role for team members:
    • Role name:  Team Members
    • Description:  Users that have been explicitly granted access to a project.
  3. Now go to Settings –> Issues –> Permission schemes.
  4. Find your project’s permission scheme in the list, and select Copy.  (Creating a copy makes it much easier to role-back changes if needed.)
  5. Find the new copy in the list of permission schemes, and select Edit.  Update the Name and Description as appropriate.  Then select Update.
    1. Example name:  Restricted Project Access Permission Scheme
  6. Once again, find the updated permission scheme in the list, and this time select Permissions.
  7. Under the Project Permissions heading, locate the Browse Projects permission.
  8. Inspect the current configuration.  By default, Browse Projects is typically granted to “Any logged in user”.  This must be removed if you want to restrict access to this project:
    1. Select Remove.
    2. Select “Any logged in user”.
    3. Select Remove.
  9. You must now grant access to our new Team Members role.
    1. Select Update. 
    2. Select Project Role –> Team Members.
    3. Select Update.
    4. Note:  Permissions can be configured by user group, project role, specific user ID, field-based value, and much more.  (See links below for more information.)
  10. Repeat steps 7 through 9 for any other permissions you’d like to restrict.  For example, to further restrict editing, closing, resolving, etc.
    • Note:  Any remaining permissions that remain configured for “Any logged in user” are essentially restricted to Team Members.  This is because a user must be able to access the project before they can do anything inside of it.
  11. When you’re finished updating the scheme, it is time to associate the new permissions with your project:
    1. go to Settings → Projects.
    2. Locate your project in the list, and select Project Settings.
    3. Select Permissions.
    4. Select Actions → Use a different scheme.
    5. Select the new restricted permission scheme from the list.
    6. Select Associate.
  12. Finally, it’s time to grant access for team members.
    1. Still inside Project Settings, select People.
    2. Select Add people.
    3. Select one or more team members (or user groups).
    4. Select Team Members as the target role.
    5. Select Add.

Finished.  Now only the people assigned to the Team Members role in this project can access this project.  You can assign different team members to other projects by first associating this new permission scheme to more projects, and then adding users to the project-level role.

Configuring Team-manage Projects

You can also restrict access to team-managed projects:

  1. Go to Project Settings –> Access.
  2. Select Change project access.
  3. Select Private, and then select Change.
  4. If prompted, select Save and make private.
  5. Select Add people.
  6. Select one or more team members (or user groups).
  7. Assign to either the Member or Viewer roles, and then select Add.
  8. (Optional) Select Manage roles to create custom roles with customized permissions schemes. 

Using Jira in a heavily regulated industry?

Get my list of 7 essential Jira Cloud apps for building a compliant SDLC in regulated industries.

SHOW ME THE LIST!

More Information

Find more strategies like this in my Quick Start Guide for Jira Cloud:  https://www.agile-innovations.tech/part-11

For more information about Jira permission schemes, checkout Atlassian’s documentation:  https://confluence.atlassian.com/cloudkb/how-to-restrict-project-access-for-teams-in-jira-cloud-953142266.html

Tags: