Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can Security Levels work to limit visibility of issues in the Service Desk portal?

ex.Geir Sigurður Jónsson
ex.Geir Sigurður Jónsson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 16, 2017

I have a Service Desk portal - with issues separated as expected using Organizations.  I also have customers that access the same issues through JIRA (not the service portal), using Security Levels to limit their issue access.

My question is, is the Atlassian plan to use Security Levels somehow with the Service Portal or should the Security Level and Organization be thought of as completely separate security models (one for JIRA and the other for SD)?  

I am currently taking advantage of the feature (bug?) ..  that removing "Service Desk Customer - Portal Access" from a Security Level, removes access for all portal users, except those that have access to the Security Level.   This could both be considered as a feature and a bug ... :)

Answer
Watch
Like # people like this
5373 views

2 answers

1 accepted

1 vote
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 18, 2017

Think of them as completely separate security models, because they are.   I can understand why you might consider these to be similar, they do provide similar functions within JIRA.    But the documentation on Customizing JIRA Service Desk permissions explains what this Service Desk security scheme does.  From Customizing Jira Service Desk permissions:


In addition, if the service desk project uses an issue security scheme, make sure that it is configured so that service desk users can view issues. Otherwise, customers might be able to create issues but not view them after they've been created. See Configuring issue-level security

By default, no projects in JIRA automatically use an issue level security scheme.   Not even Service Desk projects.   But Service Desk projects do have a way to separate access to issues for Service Desk customer only users.  These users only have access to the customer portal, which in turn is only showing issues that they are the reporter, or where they have been added as a requested participant, or possibly issues that have been shared with their organization.

Yes I believe you could further restrict user access to specific issues in the customer portal with an issue level security scheme.  But I'd recommend being careful with doing so.   I could foresee scenarios where customer portal only users might be able to create issues, but then never see them because they lack the security level assigned to the issue, or possibly they could be prevented from creating issues altogether.

View More Comments
Peter Friberg
Peter Friberg August 30, 2019

I have an issue security scheme applied to a service desk project. Dependent on which options the user select at Create, a certain security level will be set in a post function so that only certain agents will be able to see the ticket. Besides, the security level also gives access issue to "Service Desk Customer - Portal Access"

A ticket is created with the correct security level, and the customer user is provided a direct link to the issue in the portal, and the user has access to the ticket. The "Requests" count at the top right increases with one. However, when viewing the requests list, the new ticket is not listed. The same behavior also applies to request participant. 
Email notification is also sent to the customer user.

Assuming that it is a bug that the ticket is not listed.

Service Desk version is 3.16.1

Like Sylvain Leduc likes this
maguialahmar
maguialahmar
Contributor
June 15, 2021

Hi Peter, 

i m applying the same solution but i can see all requests. so i dont think it is a bug... or maybe it was a bug :) 

Like David Wolfman likes this
Игорь Кувшинников
Игорь Кувшинников August 12, 2021

@maguialahmar 
Hi!
Does your solution work with organizations?
I mean can members share their requests with other members of their organization?

Like
Reply
0 votes
Sylvain Leduc
Sylvain Leduc
Contributor
June 20, 2023

Hello @Peter Friberg 

4 years later, I do have the same bug with JSM 4.20.10.

It only affects Agents raising a JSM ticket on the same JSM project they have agent permissions.

They can create it, can access it through the customer portal /servicedesk/41/ISSUE-123 but not listed in their own portal.

Any news from Atlassian about it, a link to a public ticket maybe ?

Thanks.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.