I need help setting up user permissions in JIRA 4.4 for new team members. We want to give temporary access to people who are learning the system.
Here’s what I’m trying to do:
- Make it so a user can only see one project when they log in
- Hide all other projects from their view completely
- Give them normal developer rights but just for that one project
- Keep it simple so we can easily remove these accounts later
I tried adding a test user through the People section of a project. I put them in both the Users and Developers groups for that project. But when they try to log in, they get an error saying they don’t have permission.
When I add them to the main jira-users group, they can log in fine but then they see every project we have. That’s not what we want.
Is there a clean way to do this without messing with global settings? We don’t want to create complicated permission schemes that will be hard to clean up later.
yo, u might wanna check the permisson scheme again. sounds like that dev group aint linked right. head to admin > permisson schemes n make sure ‘browse project’ is on for devs. that could be why they can’t log in properly.
Had this exact problem when setting up contractor access last year. JIRA 4.4 needs users to have basic global permissions just to log in, but you don’t want them seeing everything after that. Here’s what worked for me: I created a separate user group for temporary users and gave it minimal global permissions through a custom permission scheme. Then I used project roles to control their actual access. The step most people miss - you’ve got to assign Browse Project permission at the project level through that project’s permission scheme, not just by adding them to project groups. Make sure your temp user group has Browse Project permission mapped in that specific project’s scheme. This keeps everything contained and makes cleanup way easier when you need to kill the accounts later.
This happens because JIRA needs users to have the global Browse Users permission to log in at all. Even if you’ve set up project permissions correctly, users can’t actually authenticate without being in jira-users or a similar global group. Here’s what you need to do: create a custom global permission scheme that only gives Browse Users permission to your temp users. Go to Administration > Global Permissions and copy your existing scheme. Strip out everything except Browse Users from this new scheme, then put your temporary accounts in a dedicated group using this restricted setup. For the project side, make sure your temp users get Browse Project and whatever developer permissions they need through the project’s permission scheme. This way they can log in but only see their assigned project. The trick is splitting global authentication from project access instead of trying to manage everything at the project level.