Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 21:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to restrict "browse project" permissions if it is grated to "All members for directory" group?

Praveen
Praveen
Contributor
February 4, 2022 edited

We have 800+ AD groups that are provisioned for Jira access and since we cannot add every one of them manually for Browse projects permission, we provided access to "All members for directory ..." group created by Access. This permission is the same for 500+ projects. Now we have some users who have to be restricted only to certain projects and they should not see other projects, is there some way I can achieve this. The only possible solution that I figured out was to create the users manually as they will not be a part of the all members for directory and we can create a new permission schema for those projects including these non provisioned users. 

But I do not want to manually create users and would like to provision them too, any one had a similar issue and found a fix?

 

It would be great if there was also a "Deny" option along with the "Grant" in the permissions!

Answer
Watch
Like Be the first to like this
367 views

1 answer

0 votes
Sachin Dhamale
Sachin Dhamale
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 7, 2022

@Praveen 

First of all you need to figure it out all the project share same AD groups. accordingly you need to create common AD group which will include all other small AD groups. and use that common AD group for those group.

like you mentioned some of the user you need to restrict - for that you can create a different jira internal group with user you want to give permission OR Create project role there you can add the common AD group/user/internal jira group which you want to give permission to the project. - Then add those project role to the browse project permission.

Project role will be the best practice to manage permission. also you can create jira internal group for the user which belongs to different AD groups

Pls Accept the Answer if it helps :)

View More Comments
Praveen
Praveen
Contributor
February 7, 2022

Thanks for the response Sachin, the problem is each project uses their own AD group and they use it for restrictions/access within their project. Also Access doesn't support nested groups so I cannot sync both the parent and child groups.

I am working on a different solution and I am close, will post updates when I finalize it.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
atlassian, atlassian government cloud, fedramp, webinar, register for webinar, atlassian cloud webinar, fedramp moderate offering, work faster with cloud

Unlocking the future with Atlassian Government Cloud ☁️

Atlassian Government Cloud has achieved FedRAMP Authorization at the Moderate level! Join our webinar to learn how you can accelerate mission success and move work forward faster in cloud, all while ensuring your critical data is secure.

Register Now
AUG Leaders

Upcoming Jira Events