A bit late to the party, but using permission scheme I am trying to allow only one group of external users to have the ability to select/edit watchers inside that group.

In a custom scheme i added Manage Watchers and View Voters and Watchers to that group, but those users still can't enter new watchers, not from their group nor complete jira-login group.

What am I missing? Shouldn't this permission scheme override other global settings?

Hi Barbara,

For Confluence, users are added by default to the confluence-users group.  When you create a space, the confluence-users group is given view access to that space by default.

Users must have access to a space in order to view/create pages.  Confluence provides access to all spaces and pages "out-of-the-box", and you have to restrict access, rather than granting access.

However, you can set up your own user groups and give those groups permissions only to certain space.  You can also go down to the page level and set restrictions on who can view/edit certain pages, so whilst you might give a group permission to view a space, you could also set restrictions on each individual page so that only certain users can view or edit a specific page within that space.

You might find this page and the links in it very useful if you're tying to get your head around users, groups and permissions.

You can define an own permission scheme as shown here .

There you have the possibility to set permissions for either a specific user group.

If you want to keep it more specific you can also define a new project role and add the needed users to this role (as descirbed in the links)

In the permission scheme you only have to edit two permissions to hide them from unauthorized users:

• browse project - to make project visible only for the group/project role
• edit issues - to allow edit issues

Once you've created that permission scheme you have to set this scheme for the projects you want.

(Another possibility would be changing the default permission scheme, but I would not recommand that)

Hi Barbara,

It depends exactly what you want to restrict, but this should get you started:

The jira-users and confluence-users groups represent all users of JIRA/Confluence.

If you want to restrict particular JIRA projects and Confluence spaces so that they can't be seen by all users, you need to set up groups to represent those who should see them. For example, you could create a group called, say, privileged-users for users who have access to view special projects/spaces. 

Then you can edit your JIRA project and Confluence space permissions so that only users in  privileged-users get to view the special stuff:

• For JIRA, you can create a new permission scheme, with the browse projects permission only granted to your privileged-users group and not "Any logged in user". Then apply that scheme to the special projects that you want to limit access to.
• For Confluence, you can edit space permissions for a particular space so that only the privileged-users group has view permission, and confluence-users does not. Permissions are additive, so a user who is in both groups will be able to view. 
  You can also set up default space permissions in a similar way, to apply to newly created spaces.  

Hope this helps a bit.

Sam