Hi everyone.
I am using Jira Software v.9.0.0. I set up several roles and the scheme of access rights for projects based on roles: I removed any access for any groups, for any logged-in user, etc.; all rights are set only for project roles.
After that, I noticed the following problem: anyone who is a member of the jira-software-users group can view ALL existing projects and change the roles assigned to users in them. That is, anyone can go to an existing project (even if he does not have a role in this project) and add the project administrator role to himself, which makes the configured access rights schemes useless.
After searching, it seemed to me that the problem was in the jira-software-users group. I was advised to make a new group and in the Applications settings add access to Jira Software to it so that users can log in. Then I created a jira-developers group, gave it access to Jira-Software. As a result, this group began to have the same disadvantages as jira-software-users, that is, all its users see all projects and can change project roles in them.
So there are two problems:
1) users of the jira-software-users group see all projects (even if they are not assigned a role in this project);
2) any user in the project can change the role scheme (add new users and give them roles, change their roles, etc.).
It would also be nice to set it up so that a certain user group or role can see only the issues of the project, and not the entire project with its settings. Maybe I didn’t understand something and the problem is not in the jira-software-users group.
After I removed the "Reporter" role, the permissions began to work as I wanted.
Welcome to the community!
I've used roles in many permission schemes and this doesn't cause the issue. There seems to be something else at play here, unrelated to permissions.
In the permissions scheme, verifying that the browse permission role isn't applied to that group would be the only permission-based thing.
Other than that, you would need to look at the global permissions and make sure they don't have admin access. You can also check the groups and verify admin isn't next to that group's name. If it is, you need to remove admin from that group.
Without seeing your instance, though, or having screenshots of all the places, it's hard to diagnose. However, I can assure you the only way this is permissions related is that the Browse Project permission has a group on it or that group is in the project roles as some role for every project. Otherwise it's not related to permissions.
Best,
Clark
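The two checks named in the answer above (a group sitting directly on a project permission, and a login group being a member of a project role), written as an added example that is not part of the original thread. The scheme layout, role names and group memberships are constructed sample data, and the JSON shape is an assumption modelled on a permission scheme export.

```python
# Added example: audit a permission scheme for grants that reach every
# logged-in user. All data below is constructed; the shape (permission key
# plus holder type/parameter) is an assumption modelled on a scheme export.
SENSITIVE = {"BROWSE_PROJECTS", "ADMINISTER_PROJECTS"}
BROAD_HOLDERS = {"group", "applicationRole", "anyone"}  # not tied to a role

SCHEME = {
    "name": "role-only-scheme (constructed)",
    "permissions": [
        {"permission": "BROWSE_PROJECTS",
         "holder": {"type": "projectRole", "parameter": "Developers"}},
        {"permission": "BROWSE_PROJECTS",
         "holder": {"type": "group", "parameter": "jira-software-users"}},
        {"permission": "ADMINISTER_PROJECTS",
         "holder": {"type": "projectRole", "parameter": "Administrators"}},
        {"permission": "ADMINISTER_PROJECTS",
         "holder": {"type": "projectRole", "parameter": "Reporter"}},
        {"permission": "CREATE_ISSUES",
         "holder": {"type": "group", "parameter": "jira-software-users"}},
    ],
}
# Hypothetical role membership: groups that are members of each project role.
ROLE_GROUPS = {"Developers": set(), "Administrators": set(),
               "Reporter": {"jira-software-users"}}
# Groups that grant application (login) access, i.e. contain every user.
LOGIN_GROUPS = {"jira-software-users", "jira-developers"}


def audit(scheme, role_groups, login_groups):
    """Return (permission, reason) for sensitive grants reaching all users."""
    findings = []
    for grant in scheme["permissions"]:
        perm = grant["permission"]
        if perm not in SENSITIVE:
            continue
        htype = grant["holder"]["type"]
        param = grant["holder"].get("parameter")
        if htype == "projectRole":
            # A role-only grant is still broad if a login group is in the role.
            for group in sorted(role_groups.get(param, set()) & login_groups):
                findings.append((perm, f"role {param} contains login group {group}"))
        elif htype in BROAD_HOLDERS:
            if htype == "group" and param not in login_groups:
                continue  # e.g. a dedicated admin group, not every user
            findings.append((perm, f"granted directly to {htype} {param or ''}".strip()))
    return findings


if __name__ == "__main__":
    for perm, reason in audit(SCHEME, ROLE_GROUPS, LOGIN_GROUPS):
        print(f"{perm}: {reason}")
```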
Thanks for the answer!
I am attaching pictures of "Global permissions", "Users and roles", and "Permissions" of the project.
As you can see this is a very simple configuration. But with these settings, any user in the "jira-software-users" group can open the "Project settings", enter the "Users and roles" and assign themselves the "Administrators" role.
I solved this problem, it was my mistake.
I didn't fully understand the meaning of the "Reporter" role. After I removed this role, the permissions began to work as I wanted.