Can Security Levels work to limit visibility of issues in the Service Desk portal? Edited

I have a Service Desk portal - with issues separated as expected using Organizations.  I also have customers that access the same issues through JIRA (not the service portal), using Security Levels to limit their issue access.

My question is, is the Atlassian plan to use Security Levels somehow with the Service Portal or should the Security Level and Organization be thought of as completely separate security models (one for JIRA and the other for SD)?  

I am currently taking advantage of the feature (bug?) ..  that removing "Service Desk Customer - Portal Access" from a Security Level, removes access for all portal users, except those that have access to the Security Level.   This could both be considered as a feature and a bug ... :)

1 answer

1 accepted

This widget could not be displayed.

Think of them as completely separate security models, because they are.   I can understand why you might consider these to be similar, they do provide similar functions within JIRA.    But the documentation on Customizing JIRA Service Desk permissions explains what this Service Desk security scheme does.  From Customizing Jira Service Desk permissions:


In addition, if the service desk project uses an issue security scheme, make sure that it is configured so that service desk users can view issues. Otherwise, customers might be able to create issues but not view them after they've been created. See Configuring issue-level security

By default, no projects in JIRA automatically use an issue level security scheme.   Not even Service Desk projects.   But Service Desk projects do have a way to separate access to issues for Service Desk customer only users.  These users only have access to the customer portal, which in turn is only showing issues that they are the reporter, or where they have been added as a requested participant, or possibly issues that have been shared with their organization.

Yes I believe you could further restrict user access to specific issues in the customer portal with an issue level security scheme.  But I'd recommend being careful with doing so.   I could foresee scenarios where customer portal only users might be able to create issues, but then never see them because they lack the security level assigned to the issue, or possibly they could be prevented from creating issues altogether.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

84 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you