How to permit specific group permissions to project in JIRA - jira

I am new to JIRA.
I have multiple customers, which I want to have READ only access to their own certain projects. (for instance customer X can access project Y only)
The rest, I dont want them to see.
In addition, I have developers that I want them to have READ/WRITE permissions.
I didn't quite understand the Permissions Schemes and the Roles and the Project setup to create such scenario.
(READ, WRITE permissions I mean for VIEW only and CREATE TICKETS etc...)
Thanks!

Provide them only browse permission, but nothing else.
Best is to use project roles to do so, such that you don't need a specific permission scheme per project.
- Create a role 'Customer'
- Create a permission scheme 'Customer Project Permission scheme'
- Configure the permission scheme such that
- The customer role has browse permissions
- The developer role has all other (applicable) permissions
such as edit, move ...
- Link the permission scheme to a project
- Configure the project such that
- the userid(s) of your customer(s) appear as a member
of the project role 'customer'.
- the userid(s) of your developer(s) appear as a member
of the project role 'developers'
Check http://confluence.atlassian.com/display/JIRA/Managing+Project+Roles
The Atlassian guys are way better than me to explain this stuff.
Hope this helps,
Francis

Related

Is there a way to enable users to create their own project on TFS-Azure DevOps without being a collection admin?

I'm a TFS admin and I'd like to make few users autonomous in order to create their projects on in and manage them.
But at the same time I don't want them to be able to modify and access previous projects that are not related to their job.
Is it possible to make this kind of segregation happen?
And if so, how?
To create a new project the user need "Create new projects" permissions, by default these permissions exist only to "Projects Collections Administrators" that give full access toe everything.
What you can do is to create a new group and in the collection level permissions give to these group the "Create new projects" permissions and deny other permissions that you don't want they will do.
After they create the project they can put themselves as a "Project Admin" and manage their projects.
In this way you give to the users the ability to create and manage new projects but they can't touch in another projects.

How to setup permission to single project on Jira

We have multiple projects but want to have single user to be able to see and work in just one project in Jira Software Cloud
It will be good to have new dedicated permission scheme. You may start by copy the default one:
Permissions can be based on Project Role or Group and depend on what will be your preference to manage.
If they are set on "Project role" as given on picture below if you is set to be in "Developer" role of certain project he will have browse permissions to it and each project that this permission scheme can be configured with users in certain roles and so these users will be the one granted with permissions
Target Project needs to be updated to use the new the new permission scheme .
It will be good to change default permission scheme to be more restrictive i.e. probably just user group admins to have access to projects that are using it.
Hope this helps!
The trick is to restrict access to all your projects apart from the one you want them to be able to see.
Then create a group that has permission to access the restricted projects.
Finally, add all your users to the group that has access apart from the single user that you want to restrict.
Create a new project role "Team member".
Copy the default permission scheme and replace "Application access - Any logged in user" with "Project role - Team Member".
Apply the new permission scheme to your project.
Add the user to the project under the role "Team Member".
Caveat: some permissions may be lost because of the "Any logged in user" permission removal which is sooo generic it hurts. So you need to check that existing users still have the access they expect. First step would be to add them to the project under the "Team Member" role.

In TFS Online, How do I share a code branch with our customer

We have an enterprise customer that we have delivered a system for. It is part of the agreement for us to supply them with the source code of the latest release. We are using TFVC on TFS online, and we thought it would be easiest to give them access to our Main branch. But I have difficulties with only allowing them to access the code and nothing else. The user I am testing with, can see too much: I.e. things like dashboard, current team members etc.
Is it possible for me to only expose code from the Main branch and nothing else to an external user?
Giving access to TFS Main Branch out of Organization (AD) is not advisable considering security.. Instead consider giving source code into zip format there are lot of large file sending (FTP sites) are available..
Still for your request of restricting access to user have a look over this
https://www.visualstudio.com/en-us/docs/setup-admin/restrict-access-tfs
you can consider replicating your part of source code into separate stream and give reader read only access to that stream.
Hope this helps... :)
Refer to these steps to set the permission:
Add user to your VSTS (Basic)
Remove this user from all group if you added
Go to admin page of a team project Version Control (Setting > Version Control)
Select a folder/branch
Click Add > Add User to add that user
Select the user that you added
Set Read permission to Allow
Go to Security page (click Security)
Click Create group to create a new group
Set View project-level information to Allow and deny other permissions for this group
Click Members of that new group
Click Add to add that user to this group
After that, this user can access the code (Just the folder/branch the user has the read permission) on web access (Code > Files).

How to restrict in Jenkins users from viewing users information like: id, name etc

I have configured Jenkins on centos 7.
Being administrator, I have created few users and gave them permissions to their projects like: build, read etc.
I have used a Project-based Matrix Authorization Strategy. Its working but I'm facing the following problem:
If any user clicks on people information (button on left is dashboard) then any user can view all the other users ids, name etc. I want to block this from happening and I can't find a solution to this problem.
Can it be a configuration problem?
Here is one solution using the Role Strategy plugin.
I'm using this plugin for our Jenkins server and it's really useful to define permissions.
On my staging Jenkins, I've create 2 users:
A full admin
A viewer
I've created 2 roles with the plugin:
Next, I assign the roles to the relevant users:
The viewer role only have a global read access + build on the jobs.
If I open a session with the admin one, I can see all the people:
With the viewer user, I don't see anything:
UPDATE:
If you want to assign some permissions on a specific project, you can create project roles (in the Manage Roles section):
You can filter the projects with a regular expression:
job(.*)postcommit
Next, in the Assign Roles section, you just have to assign the relevant project role to the relevant user.
I hope it helps :)

Deny read and browse source code on TFS 2012

I am trying to set permissions on TFS 2012 so as to deny read and browse of source code for some users/teams. Until now I have succeeded on denying read but I cannot deny a user from browsing it. That means, the user can easily see the full tree of files and folders. I would like the user not to be able even to browse it!
Found the solution!
I finally managed to totally hide source code from specific group of users (although I allow them to see work items) by setting "Edit collection-level information=>Not Set" on "Project Collection Valid Users" in "DefaultCollection Groups".
Of course I had to manually deny every permission on the root ($) of source but I suppose this could work for any path you like.
After that I created areas and allowed on this group specific areas and everything goes perfect!
Alex, thanks for your support on that!
I would try removing access to project level information on the Project Settings, if that doesn't do it you may have to remove access to the project as a whole.
One thing I would caution though is using Deny, especially on groups of users. Removing allow is better than specifically denying when having groups of users.
For instance: User A maybe a member of Administrators, but also a member of contributors. As a member of Administrators he should be able to do the action of the security setting in question, but we don't want contributors to do it. If we remove allow from contributors, than the allow in Administrators would still work. However, if we deny the contributors the deny overrides the allow in User A's Administrator group and User A cannot do the action of the security setting in question.

Resources