Restrict project access to certain groups or users in Jira Cloud
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
This article applies to company-managed projects in Jira Cloud.
For team-managed projects, check out (Jira Software) Team-managed project permissions or (Jira Service Management) Overview of permissions in team-managed service projects
Summary
Jira is often shared by different teams. It's common to restrict project access to certain team members using permission schemes, groups, and project roles.
Example scenario in Jira
Imagine we have three projects: Teams in Space (TIS), Human Resources (HR), and Technical Crew (TC).
Our company has departments that align with these projects as well. Each team should only be able to access its corresponding project.
To achieve this, we'll use project roles and groups, so we'll only need to use one permission scheme.
Create groups if you don't have any
If you already have a group, you can skip this step. If not, you'll need at least one group to assign to our project role later on.
You need to be a site admin to create groups. If you're not a site admin, ask your site admin to set up any groups you need.
To create groups:
- Go to ⚙ Jira settings > User management > Groups
- Choose Create group, give the group a name and select Create group
- Select Add to add people to your group
- Add people (you can add multiple at a time) and choose Add user
For our example, we've created three groups, but you can use any group names you wish:
- Human-Resources
- Teams-in-Space
- Technical-Crew
Create a project role
We're going to create a new project role and call it "Browse."
- Go to ⚙ Jira settings > System > Project roles
- At the bottom of the page, add a Name and Description and choose Add project role
Add the project role to the Browse Projects permission
- Go to ⚙ Jira settings > Issues > Permission schemes
- Find the permissions scheme associated to the relevant project, and select Permissions
- Select Edit, choose Project Role, and select the Browse project role we previously created
- Select Grant
We now have a permission scheme with the Browse project role configured for the Browse project permission.
If you'd like the users to also have permission to create issues, comments, etc, please be sure to also add the project role to these other permissions on the permission scheme.
Add the groups to the project role
We're now going to add the groups to the appropriate project role to give them access.
Go to the People settings page for each project and add the corresponding group to the Browse project role.
For example, for the Teams in Space project we would:
Go to Project settings > People
Choose Add people
Start typing "
Teams-In-Space" then select the groupChoose the Browse project role and select Add
Now, all users of the Teams-In-Space group have access to the Teams in Space project.
Repeat this for the other projects, choosing the appropriate group in each project.
Remove unnecessary browse projects permissions
To help ensure the project will only be visible to the right users, you should remove any other groups and application access from the browse projects permission.
To grant users access to the project, add them (users or groups) to the project role via Project settings > People.
If you don't remove groups and application access, respectively, any user added to the group or any logged-in user on your site will still be able to access all projects associated with that permission scheme. If you don't see either on your project's permission scheme, the permission hadn't been granted and you don't need to make this change.
- Choose Remove next to the Browse Projects permission
- Select any unwanted groups and/or application access
- Select Remove
Additional resources
If you need any help implementing this on your site, you can always check our documentation and get in touch with our support team.
Related articles: