Revoke Service Management access from Trusted users

Thanks, I think this is definitely something I'll have to clean-up, and figure out essential permissions.

This did it. Thanks!

Did that reduce the count on your subscription?

I have the same problem. I have two groups assigned to Jira Service Management. There are three separate user accounts in those, yet despite this it's showing my subscription count as four users because I have a separate trusted user who isn't and shouldn't be allocated to the product.

@Tim Pokorny - You should check both assigned user groups and assigned admin groups at the product access page.

@Darshan Mandhane I have done this. The user is not in any user group or administrative group that has any permissions relating to JSM. 

I suspect the user has no access to the app, BUT, they are consuming a license. I can't see how anyone can have gotten this working. Perhaps it is because I am on the Cloud site?

The user is listed as having app access on their account profile, but the slider to turn this off is disabled. It will not enable unless I drop them back to a Basic User. However, this particular user is a member of our support staff responsible for provisioning and decomissioning accounts. They require the ability to add/remove accounts and access, but not the ability to access all the products themselves. 

I've had two emails from Atlassian Support now, both providing generic information of absolutely no use. From the controls I am looking at, I can't see how it is possible to have a Trusted User not consume a license to a product, regardless of whether they have access.

@Tim Pokorny 

Every Trusted User has been granted access to ALL of the software on the Cloud-based system/instance. So Trusted users are by default added to the Service Desk license Count and there is NO WAY to remove them unless you make them basic users. I know that's very poor logic.

I would suggest you should make use of the basic user type and grant the administrative permissions through exclusive groups instead.

@Darshan Mandhane You are indeed right by the looks of it. I think based on advice from support I can drop the user back from Trusted to Basic (which then allows me to remove the app directly from the user), and then I can put them in the site-admins group which should give them access to create/remove user accounts, which is the primary reason they were a Trusted User prior. Fingers crossed! Thank-you for the advice.

Following up here with what looks to be the result.

The short answer is that every trusted user will automatically consume a license of every product that you have. If you have support staff who just manage accounts but don't use the products, it does not matter, you have to give them a license to the product and pay for that, even though it will never be used.