Private and Public Projects
YouTrack supports both private and public projects.
In a private project, access is restricted to a limited set of users and groups. You can hide a private project from all other users in the system.
In a public project, issues are visible to anonymous users over the internet.
The visibility of a project is affected by the status of the guest user account. The user who installs YouTrack Server determines the initial status of the guest account when they set the Enable login as guest option during installation. This option is enabled by default. Following installation, an administrator can ban or unban the guest account just like any other user.
Even when enabled, the guest account isn't assigned any default roles. If you want to expose a project to the public and let users browse issues anonymously, an administrator must grant access to the guest user on a per-project basis. For details, see Manage the Guest User Account.
Public Projects with Guest Access
By default, the guest doesn't have access to issues in any project. If you want to make issues in your projects available in read-only mode to anonymous users, you can grant the Issue Reader role to the guest user in the Global project. This gives anonymous users the Read Issue and Read Comment permissions in all projects. These permissions let guest users view any issue and its comments in any project. This role also grants permission to read basic project information like the project name, description, and logo.
Even in projects that are accessible to guest users, you still have the ability to restrict the visibility of issues and comments on a per-issue basis. For more information, see Set Issue, Comment, and Attachment Visibility.
You also have the ability to mark specific fields as private and hide their values from users who don't have permission to read private fields, including anonymous users. For more information, see Private Custom Fields.
Privacy at the Project Level
As a project administrator, you can manage which users and groups have access to issues in your project. The following options are available on the Edit Project page:
On the Access tab, you can grant roles in the project to users and groups. This gives you fine-grained control over the level of access that is available to users in your project.
On the Team tab, you can add users and groups to the project team. This gives users the level of access that is defined by the default Contributor role.
To ensure that your project is private:
Don't assign any roles to the guest account or add the guest user to the project team.
Avoid assigning roles to or granting team membership to the All Users group.
Privacy at the Global Level
Project access is also affected by role assignments in the Global project. You'll find a list of roles that are assigned to users and groups in the Global project on the Access tab of the Edit Project page.
In the 2018.4 release, we updated the default permission scheme to reduce role assignments in the Global project. As a result, you don't need to revoke roles from the Global project to make your projects private.
In older installations, the guest user is granted the Observer role in the Global project. The default Observer role has been modified to exclude access to issues in projects. However, an administrator may have granted access to the guest user beyond the default role assignments.
To restrict project access exclusively to members of the project team and other users or groups who are assigned direct roles in the project, you'll need help from a system administrator. Here are some important operations that are available to users who are assigned the default System Admin role:
Restrict project access for anonymous users. A system administrator can remove roles that are assigned to the guest account in the Global project. Project administrators can then allow guest access on a per-project basis. For more information, see Manage the Guest User Account.
Remove unwanted role assignments in the Global project. It's common practice to assign roles to users and groups in the Global project to ensure that a handful of users can perform similar duties in all projects. You can check the set of permissions that are granted by these roles on the Access tab in your project. If you find that a particular role assignment in the Global project exposes a greater level of access than is required, discuss the setup with a system administrator. A system administrator can either update the permissions that are assigned to the role or revoke this level of access at the global level.
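The checks described under Privacy at the Project Level and Privacy at the Global Level can be run together as one review of role assignments and team membership. The following Python is an added example, not YouTrack code and not a YouTrack API: the record layout, the project names PAY and DOCS, the user alice, and the permission sets are constructed for illustration, and it assumes that a banned guest account gives no anonymous access.

```python
# Added example. All records are constructed; the layout is hypothetical, not a YouTrack API.
BROAD = {"guest", "All Users"}   # principals the page says to keep out of a private project
READ = {"Read Issue", "Read Comment"}
ROLES = {                        # role -> permissions (constructed subset)
    "Issue Reader": {"Read Issue", "Read Comment"},
    "Observer": set(),           # default Observer excludes access to issues
    "Contributor": {"Read Issue", "Read Comment", "Create Issue"},
}
ASSIGNMENTS = [                  # (principal, role, project); "Global" is the Global project
    ("guest", "Observer", "Global"),
    ("guest", "Issue Reader", "Global"),
    ("All Users", "Issue Reader", "PAY"),
    ("alice", "Contributor", "PAY"),
]
TEAMS = {"PAY": {"alice"}, "DOCS": {"guest"}}


def audit_project(project, assignments, teams, roles=ROLES, guest_banned=False):
    """Return (principal, role, source, permissions) entries that expose `project`."""
    def active(principal):
        # Assumption: a banned guest account gives no anonymous access.
        return principal in BROAD and not (principal == "guest" and guest_banned)

    findings = []
    for principal, role, scope in assignments:
        if scope not in (project, "Global") or not active(principal):
            continue
        perms = roles.get(role)
        # A role with unknown permissions is reported rather than silently passed.
        exposed = ["unknown role"] if perms is None else sorted(perms & READ)
        if exposed:
            findings.append((principal, role, scope, exposed))
    # Team membership carries the access defined by the default Contributor role.
    for member in sorted(teams.get(project, set())):
        if active(member):
            findings.append((member, "Contributor", project + " team",
                             sorted(roles["Contributor"] & READ)))
    return findings


if __name__ == "__main__":
    for name in ("PAY", "DOCS"):
        for finding in audit_project(name, ASSIGNMENTS, TEAMS):
            print(name, finding)
```

An empty result for a project means none of the constructed records expose it to the guest account or the All Users group, either directly or through the Global project.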