Skip to main content

[Repositories / Projects] Managing User Access and Custom Roles Across Multiple Projects

Updated

Overview

  • How do I give a user a custom role for Project A and Project B, but prevent them from accessing Project C?
When you add users at the organization level to use custom roles, they often get access to all projects by default. Conversely, adding them only at the project level prevents you from using organization-level custom roles. This article outlines how to properly configure permissions so you can assign custom roles while keeping unauthorized projects hidden


This article outlines the best practices for configuring permissions so users can leverage custom roles while properly restricting their access to unauthorized projects.
 

Resolution

The ideal setup depends on whether the organization holds a Unity Pro license and whether custom roles are a strict requirement.
 

Option 1: Setup with a Unity Pro License (Recommended)

If the organization has a Unity Pro license, project visibility can be easily modified to simplify access control.
  • Assign the User role to all relevant users within the organization. This ensures everyone can be a member of a group or be assigned a custom role.
  • Locate any projects that should not be universally accessible (e.g., Project C) and set their project visibility to Restricted.
  • Rely on the restricted visibility to block default access. Only managers, owners, and direct members of the project will have access by default.
  • Add the appropriate groups or users as project members wherever you see fit (e.g., Project A and B).

Option 2: Setup without a Pro License (Custom Roles Required)

If the organization does not have a Unity Pro license, you cannot modify project visibility to "Restricted."
  • Create specific custom roles.
  • Assign these custom roles to groups designed to explicitly restrict access to the different projects.
  • In this scenario, because default visibility cannot be hidden, admins must manage access by explicitly restricting or applying deny permissions for the projects the user should not see.

Option 3: Setup without a Pro License (Custom Roles NOT Required)

If the organization does not have a Unity Pro license and utilizing custom roles is not a strict requirement, the most secure and straightforward method is to avoid organization-level permissions entirely.
  • Do not grant the users the User role at the organization level.
  • Add the users directly to the specific projects they need access to (e.g., Project A and Project B).

Related articles