Jira Cloud - How to Create a Read Only User

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Problem

You may need to add one (or more) external user(s) to your Jira instance. However, they should only have access to certain project(s) and only have specific permissions.

Creating read-only users requires granting them a Jira license.

This approach is different than managing anonymous or public access. Allowing anonymous project visibility means the project is publicly visible on the internet, whereas using read-only users will require users to have an Atlassian account, a Jira license on the site, and for them to log in to the site to view the project.

Solution

We will need to restrict all projects to your internal users, and then grant specific permissions to the external users. There are quite some steps to getting this done, but it is very possible.

To achieve this, we'll need to create a group, project role, and make changes to all projects' permission schemes. Let's break this into steps:

Create a Group

  1. Go to your site's User Management Groups page.  You can reach this by going to Settings > User management.  You could also enter the URL of https://<site-name>.atlassian.net/admin/groups where you substitute your site name.  This will redirect you to the correct page within the admin.atlassian.com site.
  2. Create a new group (example: readonly-users) and grant it product access to Jira. See also Give users access to products (note that the user management experience might be different for different Cloud sites, so theses steps might might not follow exactly for all Cloud sites)
    1. Go to User Administration > Product access.
    2. Click Add group for the target product (like Jira Software or Jira Work Management).
    3. Choose the newly created group from the list.
    4. Add group.
  3. Add the external user(s) to the readonly-users group only.

Create a Project Role

  1. Go to Jira and create a new project role for the external users (example: readonly-users-role). (https://<site-name>.atlassian.net/secure/project/ViewProjectRoles.jspa)

    1. In Jira, click Settings (cog icon) > System.

    2. Select Project roles.

    3. Under Add Project Role at the bottom of the page, enter your desired role's name (example: readonly-users-role) and a description.

    4. Click the Add Project Role button.

Adjust your Permission Schemes

  1. Go to Settings> Issues > Permission schemes, and for every permission scheme in use (for all projects):
    1. ensure permission Browse Projects and Administer Projects is not set to "Any logged in user" or to users with only "Application access" to Jira.
    2. Set permission to Browse Projects to your Jira products' default access group - where all Jira users, except the restricted user(s), exist. 
  2. On the Permission scheme used in the project(s) you want the external users(s) to see, add to the Browse Projects permission the project role readonly-users-role. << For read only use only this 
    1. Optional: you can also add the project role readonly-users-role to add other permissions you might want the external user(s) to have, such as create issues, edit issues, etc. 
  3. Make sure the Permission scheme(s) where you added the readonly-users-role is not shared with projects other than the project(s) you want the external users to see. (You can read more about permission schemes here)

Add the external users to your project

  1. Go to your project and click Project settings > People.
  2. Click Add people.
  3. You can add: 
    1. specific user(s) from the group and assign them the project role of readonly-users-role.
    2. the group readonly-users and assign it the readonly-users-role.

Team-managed projects

If you also have team-managed projects on your site, for each project, you'll also need to make changes on Project settings > (Internal) Access to restrict its access to private. If you want to allow external users to view a team-managed project, create a new project role with limited permissions (Create a role in your team-managed service project) and add them to your project.

tip/resting Created with Sketch.
  • By using a project role you'll be able to reuse the Permission Scheme between different projects that have different read-only users.
  • A project role also allows you to grant single users from the readonly-users group access to a project.
  • A good approach is to restrict the role as much as possible and add permissions as needed. It is safer to add permissions as needed, rather than unnecessarily exposing too much data. 
  • You can test these steps and make adjustments accordingly. 

This Knowledge Base article explains how to restrict permissions for a single user or group in one Permission Scheme. Note that if there are other projects that use different Permission Schemes which allow access to this group/user they will have permission to see these projects as well. You can get more information about it in Managing project permissions



Last modified on Apr 19, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.