Hi Community,
I've encountered a peculiar issue with Jira Service Management (JSM) portal visibility, and while I've found a solution, I'd like to understand the "why" behind the observed behavior, particularly regarding the interaction between permission schemes and JSM portal visibility for external customers.
Context:
We are running Jira Cloud
Our external customers (users with JSM accounts) were able to see all available service portals in the Help Center, rather than just the ones they were explicitly customers of.
Relevant Configuration before the fix:
Shared Permission Scheme across projects:
"Competence Center" Custom Field:
This field is a Select List (single choice) type.
It contains a list of 10 internal agent groups (e.g., "Group A", "Group B", etc.).
This field is used during a workflow transition (for escalation), and the selected group value is then copied into another field, a Group Picker (single group) called "Competence Center Variable".
CRUCIALLY: Our external customers do not belong to any of these 10 agent groups, nor to any other groups that might overlap with the "Competence Center" groups.
JSM Portal Configuration:
The Problem and the Solution Found:
Despite customers not being in the "Competence Center" groups and portal settings being restrictive, a customer reported seeing all portals.
I resolved the issue by removing Group Custom Field Value (Competence Center) from the "Browse Projects" permission in the permission scheme. After this change, customers correctly see only the portals they are explicitly added to as customers.
The Question (the "Why"):
My main question is: Why did granting "Browse Projects" permission to Group Custom Field Value (Competence Center) cause the extended portal visibility for external customers, even though customers were not members of those groups, and portal settings were restrictive?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.