How many permission schemes do I need?

Peter Pitchford October 1, 2015

I am using Jira and I want to set up 3 groups of users. Each group will have its own projects and will not be able to access the projects of the other groups. Otherwise, all users and groups will have the same permissions. Can I do this with 1 permission scheme, or do I need a permission scheme for each group?

2 answers

1 accepted

3 votes
Answer accepted
Jeremy Gaudet
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 1, 2015

Typically one scheme is fine, you just have to make all granted permissions based on the project roles; from there, each project's roles will have different users.

If you make the privs group based directly, then you'll need an explicit scheme for each set of groups.

Peter Pitchford October 1, 2015

OK, I have added all 3 projects to the default permissions scheme. Now how do I limit the projects that each user can view? For example I have a user which is only in Group A that is only supposed to view Project A. When he logs in, he can view projects A, B and C. How do I limit Group A to Project A?

Jeremy Gaudet
October 1, 2015

You probably don't want to use the default permission scheme, as it may not be appropriate for you to make changes to it. If the user in Group A can view all 3, that means the "Browse Project" permission is either open to the "jira-users" group (or some other widely open group), or else it's based on the "Users" role, and that role is open. I would copy the default priv scheme to something specific for your 3 projects, make certain no privs are group based, then check each project role to make sure it is restricted appropriately.

Peter Pitchford October 6, 2015

I have followed your suggestion and created a new permission scheme. Otherwise, I am still having problems getting this to work. This is my setup: All projects have been added to the same permission scheme. User A has been added to group A. Group A has been added to project A. User B has been added to group B. Group B has been added to project B. User C has been added to group C. Group C has been added to project C. When I log in as user A, that user has access to projects A, B and C. Each user is also in jira-users and no other group. What am I doing wrong?

Jeremy Gaudet
October 6, 2015

"jira-users" typically has "browse project" privs through being in the "Users" role for a project... at least, using the default project roles and permission scheme. So you'd have to remove "jira-users" from that role, or remove that role from the browse permission. That's a guess, of course, I'd need to see the scheme and project roles to be certain.

Peter Pitchford October 8, 2015

My new permission scheme is a copy of the default permission scheme. I deleted jira-users from the browse project role and User A can still browse all projects. I don't understand how to remove the role from the browse permission. What is the difference between remove "jira-users" from the browse role and remove that role from the browse permission?

Jeremy Gaudet
October 8, 2015

Step #1 is to remove "jira-users" from the "Browse Projects" privilege in the permission scheme; if the permission scheme includes "Group (jira-users)", that group has explicit access independent of the project roles. If it has "Project Role (Users)", then only users/groups in the project's role have access. So you make the browse privilege in the permission scheme "Project Role (Users)" (and nothing else), then you adjust the "Users" role for the project so that "jira-users" isn't in the role, just "Group A" is in the role.

Peter Pitchford October 9, 2015

Now I have tried very hard to follow your instructions exactly. User A is in Group A and in jira-users. Group A has been added to project A. It is the only group in the project. All projects are in my new permission scheme. Now user A cannot access any projects. What else do I need to do?

Jeremy Gaudet
October 9, 2015

When you say "Group A has been added to project A", please be very specific? Ideally, you mean "Group A" is in Project A's "Users" role. Further, you need "Role (Users)" to be in the "Browse Projects" permission in the permission scheme.

Jeremy Gaudet
October 9, 2015

Summary: User A needs to be in Group A. Group A needs to be in the project's "Users" role. The project's "Users" role needs to be in the permission scheme for "Browse Projects". That's it.

Jeremy Gaudet
October 9, 2015

New summary that covers all of the discussion points. User A needs to be in Group A. Group A needs to be in the project's "Users" role, and "jira-users" needs to not be in the project's "Users" role. The project's "Users" role needs to be in the permission scheme for "Browse Projects", and "jira-users" needs to not be in the permission scheme for "Browse Projects".

Peter Pitchford October 12, 2015

Thanks Jeremy. This works like I want it to work. I knew if I could just find out how many permission schemes I needed it would eventually lead to the correct answer. Now when I add new users, I can simply add them to the correct groups and they will have access to the projects that can be accessed by those groups, with all the same permissions as everyone else in those groups.
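
The resolution logic worked out in the thread above, as an added example that is not part of the original discussion and is not Jira code or its API: a simplified Python model of how one shared permission scheme resolves "Browse Projects" through a group grant versus a project-role grant. All function names, data structures and sample users are constructed for illustration.

```python
# Simplified model of "Browse Projects" resolution with one shared permission scheme.
# Hypothetical names throughout; this is not Jira's implementation or API.
GROUPS = {  # constructed sample directory: user -> groups
    "userA": {"jira-users", "Group A"},
    "userB": {"jira-users", "Group B"},
    "userC": {"jira-users", "Group C"},
}
PROJECTS = ["A", "B", "C"]


def can_browse(user, project, scheme_grants, project_roles):
    """scheme_grants: ("group"|"role", name) pairs; project_roles: project -> role -> groups."""
    for kind, name in scheme_grants:
        if kind == "group" and name in GROUPS[user]:
            return True  # explicit group grant applies to every project on the scheme
        members = project_roles.get(project, {}).get(name, set())
        if kind == "role" and GROUPS[user] & members:
            return True  # role grant: decided by this project's own role membership
    return False


def visible(user, scheme_grants, project_roles):
    return [p for p in PROJECTS if can_browse(user, p, scheme_grants, project_roles)]


def audit(scheme_grants, project_roles, broad=frozenset({"jira-users"})):
    """Report the two places a widely held group can leak browse access."""
    findings = []
    for kind, name in scheme_grants:
        if kind == "group" and name in broad:
            findings.append(f"scheme grants Browse Projects to group {name}")
    for project, roles in project_roles.items():
        for role, members in roles.items():
            if ("role", role) in scheme_grants:
                findings += [f"project {project}: role {role} contains {g}"
                             for g in sorted(members & broad)]
    return findings


# Constructed configurations mirroring the stages of the thread
ROLES_OPEN = {p: {"Users": {"jira-users", f"Group {p}"}} for p in PROJECTS}
ROLES_TIGHT = {p: {"Users": {f"Group {p}"}} for p in PROJECTS}
GROUP_GRANT = [("group", "jira-users"), ("role", "Users")]
ROLE_ONLY = [("role", "Users")]

if __name__ == "__main__":
    print(visible("userA", GROUP_GRANT, ROLES_TIGHT))  # group grant in the scheme
    print(visible("userA", ROLE_ONLY, ROLES_OPEN))     # jira-users left in the role
    print(visible("userA", ROLE_ONLY, ROLES_TIGHT))    # final working setup
```
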

1 vote
GabrielleJ
October 1, 2015

You have to understand that the Permission Scheme can work with "Roles", which you will have to define yourself too. So one Permission Scheme is fine. For example, in the "Browse" Permission (ability to view the project) put in a "Role" you want to have access to this permission. Then in the Project "Roles" section, add your desired "group" in that role.
