Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Access to all requests of a space

Aggeliki K
Aggeliki K
Contributor
April 1, 2026

Hello,

 

Our customer portal has customers that come from an approved domain (synced from azure). When submitting a request, they can view as reporters only the requests where they are reporters or participants. 

Recently we added manually some external customers (gmail.com) and we realized that they are able to see every request that has been submitted from every reporter!!

Can you tell me why this happens and how to fix it?

We have a serious issue with sensitive data!

 

Thank you in advance,

Aggeliki K.

  

Answer
Watch
Like Be the first to like this
101 views

2 answers

1 vote
Trudy Claspill
Trudy Claspill
Community Champion
April 1, 2026

Hello @Aggeliki K 

How are the gmail users viewing all the requests? Are they viewing them through the customer portal, or are they licensed user and viewing requests through the non-portal JSM UI?

A user that is only a customer and only view requests through the portal should be able to see:

  1. requests they submit
  2. requests where they are a Request Participant
  3. requests where the Organizations field has been set to an Organization to which they belong

You have obviously checked point 1 already. What about 2 and 3?

Reply
0 votes
Mikael Sandberg
Mikael Sandberg
Community Champion
April 1, 2026

You need to check your customer permissions, it sounds like your customer sharing settings allows customers to search those either within their space or organization. Does your external customers with gmail accounts belong to an organization within the space?

View More Comments
Aggeliki K
Aggeliki K
Contributor
April 1, 2026

hello @Mikael Sandberg 

yes they do belong in an organization

should i remove them?

Like
Mikael Sandberg
Mikael Sandberg
Community Champion
April 1, 2026

No, if you remove the user from one spaces they will not be able to manage the board. Anytime your board included work items from different spaces they have to access to all spaces included.

If the board had all statuses included, then take a look at the workflows, it could be that the next status is in a different column than what the user is expecting. If the board has multiple status assigned to a column it will be divided into different sections when you move a work item to that column.

Like
testhelpdesk
testhelpdesk
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 1, 2026

Hello, 

Since the only difference between the 2 groups (the first one that could view and edit only their own requests with the second one that was recently added and could view and edit everyone's requests), was that the second group belonged to an organization, I finally removed them from the organization and everything went back to normal.

Thank you for your contribution.

 

Regards,

Aggeliki K.

  

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Management
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security