Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Help with Work item security schemes and permissions

Kelly Phillips
Contributor
May 26, 2025

Hi, I need some help with Security Schemes and permissions.  

I have 2 groups of people: JSM agents (IT) and Change agents (Business).  

I have 3 Issue Types: Service Request, Incidents & Changes.

Within my JSM company managed project, my JSM agents must be able to create, edit, close, delete all work items.

Within this same JSM managed project, the Change agents must only be able to create, edit and close Change issue type work items.

I have allocated JSM licenses to both groups of people.  The JSM agents are added as people directly in the project and given Service Desk Team roles.  

I created a Security Scheme with 2 levels of security:
Screenshot 2025-05-27 114145.png

In the Change request type, I added these restrictions:

Screenshot 2025-05-27 114343.png

Screenshot 2025-05-27 114504.png
Under project permissions, I have added my Change group into the below permissions:

  • Service Project Agent permission,
  • Create Issues
  • Delete Issues

What role do I give the Change agents group in the project when I add the group?

Screenshot 2025-05-27 115524.png
I have added the group before and given them Service Desk Team role, but when I do, my test user is still able to see all the issues, not just the Change ones. 
What am I doing wrong?

I followed these instructions as best I could, but some of it wasn't very clear and it still didn't work.
https://support.atlassian.com/jira-service-management-cloud/docs/create-security-levels-for-issues/

 

 

2 answers

0 votes
Aaron Pavez _ServiceRocket_
Community Champion
May 27, 2025

Hi @Kelly Phillips 

The Service Desk customer comes out of the box. you might have better luck by creating a new role with the same name  Change agents.

https://support.atlassian.com/jira-cloud-administration/docs/manage-project-roles/

That way, you can assign the permissions to that role and the security scheme too.

And use only one security level to restrict that group. 

Regards - Aaron

Kelly Phillips
Contributor
May 27, 2025

So I've tried again, and still no luck.

My user is called 'Datacom Intune Tester'.  This account has a JSM agent license. The user is added to my Change Editors group.  This group is a member of my JSM Project.  The group has been given the SWISH Change agents role within the People & Access area.


I have added the role SWISH Change Agent to the project under the 'Service Project Agent' permission in my Permission scheme

Screenshot 2025-05-28 175059.png

 

I get this error when I run the 'permission helper'.


Screenshot 2025-05-28 174908.png

But since my user has a license and is in the group that has the Service Project Agent role assigned to it, I really don't know where I am going wrong.

 

0 votes
arielei
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 26, 2025

Hey @Kelly Phillips 

Given that your only problem is that you still see all work-items then you need to create a security scheme where you set all users who can view the work-items and then attach it to the project.

Go to: System-> Work-Items-> Security Scheme and create a scheme for your project.

 

 

Kelly Phillips
Contributor
May 27, 2025

I have created a Security Scheme, and included a screenshot of it.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events