Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Customer's can specify approvers who don't have a Jira account

Sam Terezakis
Sam Terezakis December 6, 2023

I have a 'team managed' service management project. An issue type's workflow has an approval step set to 'customer selects approver' and the approval field set to the system generated 'approvers' field. 

Screenshot_20231206_204202.png

There appears to be no options to edit the options within this field. 

Screenshot_20231206_204413.png

This option allows customers to add their own approver by specifying an email, even if they do not have a Atlassian account within our instance. 

Screenshot_20231206_204615-2.png

This has resulted in customers (1) entering incorrect email addresses and (2) adding users that do not have a profile within our instance, which requires an agent to manually change the approver. 

Can the approver list be restricted to users (or a subset of users) with accounts on our instance?

Answer
Watch
Like Be the first to like this
355 views

1 answer

0 votes
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 6, 2023

Hi @Sam Terezakis 

I can reproduce this.

It seems related to JSDCLOUD-11150 

I would suggest to raise this as a bug at Atlassian Support, or ask if this is intended like this.

@Jack Brickey @Joseph Chung Yin @Mikael Sandberg would this be something you would have information on?

View More Comments
Mikael Sandberg
Mikael Sandberg
Community Champion
December 6, 2023

I don't think the Approvers field can be restricted, and I don't think that you could use a custom user picker field since you would need Browse users and groups global permissions which cannot be assigned to portal only users. The only workaround that I can think of, besides not allowing your customer to select the approvers, would be to have a custom field with a list of users that can approve.

Like Marc - Devoteam likes this
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 6, 2023

Hi @Mikael Sandberg 

Thanks for the response.

But it still seems strange to me the option is there and then you are just able to add an email address real or fake to enter in the field from the portal.

Might you be able to raise this at Atlassian, as this can maybe also be exploited in a way.

Like
Mikael Sandberg
Mikael Sandberg
Community Champion
December 6, 2023

I don't work for Atlassian, I am just a customer just like you. But I think this might be based on the customer permissions too, since you can set it so the customer can share the request with anyone.

Like Marc - Devoteam likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.