In Jira (4.0), under Global Permissions, I have the Jira Users group containing two groups, jira-users and jira-login. When I started at this company, there was only the jira-users group, but I added jira-login so that I could remove users from jira-users and still have them be able to login. Everyone with jira-users permissions has specific permissions across every project in Jira and I didn’t want to have to change that group’s access on every project/permissions scheme affected.

Ultimately, what I’m trying to do is have a new group, Suppliers, have limited access to our projects. So a supplier is a member of jira-login and Suppliers only. Regular users are members of both jira-login and jira-users, although since they are a part of jira-users, they can still login without being part of the jira-login group.

The problem I’m having is that suppliers can see the projects that I want them to, but also a few projects that I didn’t give them permissions to see. I want to remove the visibility of these unwanted projects for suppliers. NOTE: to let the suppliers see the select projects, I added the Suppliers group the the Users project role on each project that I want them to see.

Under project roles for each of this unwantedly visible projects, the only groups that have access to the Users (or any other project role besides admin) is jira-users. I have no idea how people outside of the jira-users group can see these projects.

I cannot seem to find the common denominator scheme/setting that these suppliers have. Certainly the newly created jira-login group doesn’t have any sort of access that I didn’t enter in manually. Right?

Any suggestions? Thanks.