All of this seems needlessly complicated. This is what I did.

1. Create a contractors usergroup.
2. Set up the external contractors as members of the contractors group, and not the users group.
3. Assign the contractors group to the users project role in the project you (or developers if you wish them to be developers on that project)
4. Assign the JIRA Users global permission to the contractors usergroup so they can log in without being in the users usergroup.

JIRA configuration is a huge pain so I try to keep it as simple as possible.

Does the level of complexity involved here not worry people?

This kind of activity is not hard on other similar applications. Don't get me wrong Jira is getting better in leaps and bounds - But this is an example of an area that is overly complex for little benifit, bring in the UX designers!

This is reason 10000 on why the JIRA UI is total garbage, what a joke.

Is there a easier guide to restrict users to certain project ??

I would like to see this too, the documentation for Jira could use an upgrade too. For instance looking at the instructions above It took me 15 minutes to find the area to add a new permission scheme. For those unable to find it it's here /admin/ViewPermissionSchemes.jspa .

I found the problem with JIRA permissions is that things are strewn all over the system. I had the most frustration trying to find what areas the guides above alluded to. Things really need tidying up.

So, here is a guide detailing where to find each section required for security permission setup:

(In order of the main guide above)

1) Create a new group (restricted to project xyz group).

• Click User management in top right (click the cog icon) > login as Administrator > click Groups (left menu)
• Add group, self explanatory > Name = restricted to xyz group (or whatever you like)
  
  

2) Create a new permission scheme (Restricted to Project XYZ permission scheme)

• From Administration area > Click Issues > Permission Schemes
• Copy the default scheme as the guide says, > Click "copy" next to "Default Permission Scheme".
• Now this part takes some time. I deleted every single permission, then clicked "add" next to the below items.
  
  
• add > Click "Group" Radio Button > select your group "restricted to project xyz group" etc
  
  • Hint: I middle mouse clicked each item open all at once, first to delete, then to add. Makes it less tedious.
    
    
• Here are the items I Assigned to my group:
  
  • Project Permissions > Browse Project
  • Everything under "Issue permissions" section
  • Comments Permissions > Add Comments
  • Comments Permissions > Delete Own Comments
  • Comments Permissions > Edit Own Comments
  • if using time tracking:
    
    • Time Tracking permissions > Delete Own Worklogs
    • Time Tracking permissions > Edit Own Worklogs
    • Time Tracking permissions > Work On Issues
      
      
• I'm not sure if these are "correct" but it works for me.
  
  

3) Link the permission scheme with project XYZ

• Click Projects > Select your Project (project XYZ) > Click "Administration" at top of screen (Next to overview) > Click Permissions (left menu) > Click Actions > Select Use a Different Scheme
  
  
• Why, do I have to go into the project to do this? It should just be available via the Administration area under project! This took me 5+ minutes to find just now even though I've done it before.
  
  

4) Grant the Global Permission "JIRA users" to the group "restricted to project xyz group" so they will be able to log in.

• Go back to Administration area > Click Cog top right > Click System > Click Global Permissions (left menu)
• Add Permission > Select Permission = JIRA Users, select Group = restricted to project xyz group (etc)
• After this you should see your group appear next to "JIRA Users" just click View users, then invite/add the users as appropriate with your group selected.
  
  

That's all for now, I hope it includes everything, its all I could remember. Hopefully it saves someone else from the suffering i went through!

Jira permissions are hell. I'm not quite new to ERP Systems and stuff like that. So Atlassian rethink your program about that, it's a 100% no go for a program you must pay $1800 exceeding 10 collaborators!

I agree with the previous comments about the complexity. The user permissions in Jira are far too complex. This must be a common need and after trying a couple of approaches have not been able to get it to work to my satisfaction.

Hi Yvonne, in the project administration section you can configure the permissions scheme. The 'Browser Project' permission it is the one that determinates who can see the project.

I think many of you are making it more complex than needed. 

JIRA works by GRANTING access. You can't restrict access. By default it grants access to the group used to logon (used to be jira-users but may be different on your version).  This is probably where you're getting the access from and the basic problem with out of the box JIRA permissions

 1. The FIRST thing you need to do to get control is to remove any groups with logon privileges from the permission scheme unless you absolutely want everyone to have that permission. 

2. Setup user roles for the various functions like, tester, QA, Browse Only, etc. Then you can create one permission scheme to cover almost all projects.

3. The project admin controls which users are put in the roles.  This may be a big effort to switch to, but it will payoff down the road by making it easy to control

Is there any more updates on this? I'm still struggling with the OP and even after days of reading around the forums and various open tickets, I still can't get this to function.

I have a some what similar need, and for this found this thread.

It is not about giving acces or avoiding creation of issues to certain users. It's true it is somewhat complex, but I think I wuold not have managed it with a less mighty setup. So it seems not to complex but just mighty.

I searched, for a quite long while, to hide acess to projectinformation not need for certain users not invoved in a given project. Ie. to restrict the list of projects displayed by "show all projects" to the projects realy relevant for the given user. By this, also hiding certain information as: planed and past releases or components, not nesessarly thought to be spread to eg. customers.

After some thinking and serching, I got unfortunately the conviction, that this might not yet be possible, and be some subject for extensioon of the "projectright" section of the permission scheme. In the sense of "Show Project-Metadata" and "List Project". Hiding those informations from the project menue.

Does anyone else think this useful or am I the only one searching for this?

Or prehaps some answers how to do, if my finding would be wrong/incomplet?

I'm still struggling to accomplish the number one answer.

Closing this thread as it has become way too long and people are posting without reading the right answer above.

I wrote an article about it:

https://focusrealm.com/2019/03/25/discovering-jira-user-management/

I set it up as per the the instructions from Yvonne and it wasn't that complicated. The explanations given are a little simplistic, and do get you thinking about where the options are hidden (within the huge complex thing that is the Jira menu system). I find the easiest way to find things is to search for them using the Search Jira Admin option on the top right of the admin pages. It's way easier than remembering where they are hidden.

Is Jira needlessly complicated to set up?

Well it's certainly complicated, but needlessly... probably not.

@Rian Mueller I like your approach best, nice and clean.

While I agree with the complexity of permissions that all have previously mentioned, I absolutely love the power that JIRA provides in my day-to-day usage.  I'm glad Atlassian focuses on tackling the problems that plague my gears, hackers n hustlers rather than the ones that plague me (ops manager). They are the ones getting the work done that ultimately gets us all paid, and the more effective they are the better off the company is.  JIRA streamlines what we need for day-to-day workflow, control and reporting of our ops (including quality management, product management, project management, risk management, training, and development).  I'm happy to trade all of that for gaps in the permissions UX.

Jira permissions are hell. I'm not quite new to ERP Systems and stuff like that. So Atlassian rethink your program about that, it's a 100% no go for a program you must pay $1800 exceeding 10 collaborators!

I somewhat disagree with the top method posted. Frankly, the schemes that are in place are simply default scheme. I created my own groups, schemes, etc. and found this to be a somewhat simple process.

@robmf I don't think the level of complexity is worrisome. Jira is very similar to many other defect tracking systems in this respect.

Hi there, I am a newbie to JIRA so please excuse me.

I tried the above to fullfill my scenario.

I want to restrict certian users, to certain products.

i.e. I am creating a number of projects and these are only seen byt their respective clients.

I did the above, but then my admin user then couldn't see the project I has switched the defult permissions on.

I obviously did something wrong, but I am very confused.

I did the following

a) created new user 'userx' where I only want them to see 1 project

b) created new Group - 'restrict to project x'

c) copied default permissions - 'estrict to project x group'

d) then edited this permission so that where it read previous User (group / or role) switched with my new restirct to project x group.

e) Then assigned this new persmission schema to the project x

My test user cannot see anything when logged in, and my administrator account now cannot see the project x

???

Is there a easier guide to restrict users to certain project ??

many thanks

Mark

Please keep in mind, this Q&A relates to the OnDemand solution. For Standalone other conditons apply!

My approach would be:

Create a contractors group

Put users into the group

Pull up the permission scheme for the project in qestion.

give contractors group the appropriate permissions

ensure that the jira-users group is not in the permission scheme at all (it is VERY bad practice to use this group for permissions anyhow).

ensure that any roles that the contractor may be in does not have jira-users in it as well.

When the contractor is done, just remove the user from the jira-users group. When (if) they come back put them back in the one group and all of their access is still there. Note, never delete the user. If you don't want him anywhere then create a "inactive users" group and remove them from all groups, and put in the inactive users group. Making sure that the inactive users group is never used in any permission scheme.