Hi Susan,

thank you for your reply. Could you please explain that more precisely.

I tried to change the permission but after that I always get the following warning:

Hi Heike,

Service desk ALWAYS says it's an error on the permission scheme whenever you make any changes that aren't their out of the box permissions.  I dislike this "feature".  I close my eyes and ignore it. 

So what I did was I put my "customers" into the role of Users.  They are also still in the Service Desk -Customers role as well as I still want them to use the portal for most of their interaction.

ANd I granted "Browse " Permission to role Users.  It's pretty safe. 

Hope that helps....

Susan

Hello Susan,

with "role of Users" you mean the project role "Service Desk Team", don't you?

So I added my customer to this role, but he is still not able to access Jira view.

Hi Heike,

If you add someone to service desk team and you don't grant them an agent license, they won't be able to do much.

What I mean is to do this:

1. Take one of your users say "john doe"

2. Add John Doe to role of Users

3. Modify your permission scheme for "Browse Project" and add role Users

Try that out.  Do not put John Doe in Service Desk Team or grant him an agent license.

Cheers

Yes, I know, they can't do anything. But I was curious what you may mean with "role of users". I do not have a project role calld "users", as you can see below:

I could add a group in the user management called "users" but to add the browse permission to a group without application access doesn't work either.

Are you using JSD cloud or server?

Hi,

I'm on Server.  @Jack Brickey I know you are better at Cloud.  Not sure why Users is not a role?

So in cloud the default roles have changed over time. I took a look just now and see the following: Administrators, Contract Developers, Developers, Service Desk Customers and Service Desk Team. I will say that the roles can be a bit confusing in JSD and I think that is why we see them changing. :-)

Now back to the question and topic at hand. First and foremost making a customer and agent (adding them to Service Desk Team role) is a bad idea for sure. Doing so will provide them full access including Internal Comments and I don't know any way around that though, @Susan Hauth _Jira Queen_ in reading your comments it appears you may have accomplished this but I would be very surprised by this. I don't see how giving a group browse permissions would exclude access to internal comments.

In my instance I have created a group in JSW called JSD Collaborators that allows my developers to view dashboards and make comments on JSD issues. I give that group permissions on my JSD project for Browse, Comment, etc. However, they absolutely see internal comments which is granted by Browse. 

I will ponder this more but @H K I don't see how you can provide access to dashboards w/o access to internal comments. Thinking as I type here....I wonder if setting up a wallboard might be a path to success. Haven't looked at that in awhile.

Hi,

I stand corrected.  Just tested it out and my Users can see internal comments when browsing in Jira. 

So I don't think there is a way to get around this.

:-(

Hello @Jack Brickey,

thank you for your detailed response!

So in this case we will encourage our team to be carefull with internal comments ;-)

In the meantime, I also found a ticket realted to this topic:
https://jira.atlassian.com/browse/JSDSERVER-829

Maybe some day the causing problems (especially this one: https://jira.atlassian.com/browse/JSDSERVER-3932) get solved and we don't need the workaround with the agent account anymore. A wallboard would be also a good idea but only for one of our issues.