I already asked a similar questions some days ago, but now the specifics have changed a bit and I would like to rephrase.
The problem we have is that we cannot allow all customers from an organization to automatically see all issue of that organization. Per default configuration all issues will be shared to everyone if the reporter is member of a organization.
Simply stated we have a problem regarding confidentiality of the created issues. Example:
A manager of a customer creates an issue informing us of an upcoming termination of an employee of theirs. With the default configuration the employee could just login to our service desk and see that he is about to be fired. He could then damage the company in some way, knowing he is about to be let go anyway.
Just one of many examples, but in my opinion it is only logical to restrict the normal employee form viewing tickets that a manager or director put in.
Now, I know about issue security schemes and I also know we could set them manually if we see a confidential issue popping up. However, from a management perspective it is just not possible to keep on top of 100-200 issues/day with 30+ customers reporting them.
So what we tried was to create an issue security scheme which restricts all issues to be view able by the reporter only. This works in the sense that members of the same organization can no longer see it in the service desk. However, we then run into this bug: https://jira.atlassian.com/browse/JSDSERVER-3507
So setting that security scheme works at first, but as soon as someone tries to comment (via email) an issue where he is not the reporter AND tries to add an attachment (even just a picture in a signature) the comment gets rejected.
So going forward I thought about possible solutions:
So I would like to ask you guys if you maybe know of a different solution. If there is none then I'm leaning more towards number 3.
Thanks for all responses in advance!
You can achieve this using a combination of Jira Service Desk custom permission schemes, to create, edit and view issues in a JSD project. See: https://confluence.atlassian.com/servicedesk023/using-custom-permission-schemes-733938772.html, in combination with using an Issue Level security scheme, see: https://confluence.atlassian.com/adminjiraserver073/configuring-issue-level-security-861253265.html
The risk here is that you accidentally set a too restrictive set of issue level permissions and customers are not able to access their own reported issues. You should always check that:
Hello Community 👋, I'm a product manager at Atlassian, looking at improving change management capabilities across our products. In particular, we're looking at bridging the gap between Dev & ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events