It's a very common request that we (JIRA Administrators) keep getting, on how to give read-only access to certain users for certain projects. Or certain management users would like to view issues, in order check the progress or latest activities, but don't need any edit/update access.

Well, here is my recommended approach on the same:

  1. Create a role named, 'Read-only Users'
  2. In the projects permissions, only give 'Browse Projects' permission to the above created Role
  3. Now, it's upto each Project Administrators to add users to the above role for their Projects. And those users would only have read-only access to that Project.

This is also a great example on why to use Roles and not Groups. Roles are specific to Projects, this means, a person can play Developer role in one Project while Lead Developer role in another Project. Project Roles are a flexible way to associate users and/or groups with particular projects. Their main difference with Groups is that they are project-specific while Groups are global across the JIRA application.