I do not understand this logic. Why do we segregate in different projects with different portals and then do not care what project context the user is in?  After all,  you register as a user in the context of one specific portal. Why then do you have access to all portals? There is a major flaw in how Service Desk handles customer access rights

My case is the following: I have 5 customers subscribing to 5 customized applications. Every customer has its own service desk project with its own, specific knowledge base behind. For the agent it is important to know what context the user reporting a bug or request is coming from. A self registered user appears in ALL projects, not just the project he/she registered under. And he/she can see requests from all projects. Furthermore our customers are from the financial services sector. These folks have an emphasis on GDPR compliance. The current setup is NOT GDPR compliant.

Hey Michael, 

We have two access models for Service Desks.

The first is centred around the Help Portal, and is designed to support an organisation with its internal support. Projects are open, and customers are free to navigate from service desk to service desk based on their needs. 

The second is centred around a single or subset of service desks, and is designed to support mixed customer bases. In this model, service desks have tightly managed access, and customer will only see what they have explicitly been granted access to

Looking at your situation, you could use my recommendation, or alternatively keep sign-up restricted and provision your user accounts manually to ensure customers only ever access a single project for them.

We are undertaking some work which focuses on Customers and how they provision accounts, and how this can be restricted. Your feedback is excellent food for thought. Would you be open to joining a future discussion on the topic?

Cheers, 

Ben.