Jira Cloud - How to Create a Read Only User

Still need help?

The Atlassian Community is here for you.

Ask the community

This article requires fixes

This article has been Flagged for fixing. Use caution when using it and fix it if you have Publisher rights.

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Problem

Create one or more users with read-only access to one or more projects. This approach is slightly different than managing anonymous or public access. The read-only user will require a license whereas anonymous access does not. Allowing anonymous project visibility means projects are visible to public whereas using read-only users, they will be required to login to access the content.

You will need to determine whether the read-only user account should be restricted from creating/editing issues. At a minimum, you will want the grant the read only account permission to browse issues in a project. 

Scenario

A common scenario is to have 'internal' users, groups or roles who can access many projects, and 'external' users, groups or roles who can access only a few projects. Do this by granting the Browse Project permission in many projects to the 'internal' users/groups/roles, and in only a few projects, grant that permission to the 'external' read-only user/groups/roles."

Solution

  1. Create a group for read-only users and add read-only users to the group. 
  2. In the User Administration at Product access configuration, enable access for the new group (required in order for the account to login)
    1. Go to User Administration > Product access
    2. Click Add group for the target product (like JIRA Software or Jira Work Management)
    3. Choose the newly created group from the list
    4. Add group
  3. Remove the read-only users from other 'internal' groups such as the default 'jira-users' group.
  4. Create a Project Role named Read Only and add the group to it.
  5. Add the Role to the project Permission SchemeEach permission is mutually exclusive with the main permissions being as follows:
    1. Browse Project  << For read only use only this
    2. Create Issue
    3. Edit Issue

You may certainly grant additional permissions beyond what is recommended here. A good approach is to restrict the roles as much as possible and add permissions as needed. It is much safer to add permissions on an as needed basis as opposed to possibly exposing too much data. 

By using Project Roles you'll be able to reuse the Permission Scheme between different projects that have different read-only users.

Test the scenario and make adjustments accordingly. 

This Knowledge Base article explains how to restrict permissions for a single user or group in one Permission Scheme. Note that if there are other projects that use different Permission Schemes which allow access to this group/user they will have permission to see these projects as well. You can get more information about it in Managing project permissions



DescriptionCreate one or more users with read-only access to one or more projects. This approach is slightly different than managing anonymous or public access. The read-only user will require a license whereas anonymous access does not. Allowing anonymous project visibility means projects are visible to public whereas using read-only users, they will be required to login to access the content.
ProductJira
PlatformCloud
Last modified on Apr 26, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.