It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Disable automatic sharing of issues within an organization

Hi everyone,

I already asked a similar questions some days ago, but now the specifics have changed a bit and I would like to rephrase.

The problem we have is that we cannot allow all customers from an organization to automatically see all issue of that organization. Per default configuration all issues will be shared to everyone if the reporter is member of a organization.

Simply stated we have a problem regarding confidentiality of the created issues.      Example:

A manager of a customer creates an issue informing us of an upcoming termination of an employee of theirs. With the default configuration the employee could just login to our service desk and see that he is about to be fired. He could then damage the company in some way, knowing he is about to be let go anyway.

Just one of many examples, but in my opinion it is only logical to restrict the normal employee form viewing tickets that a manager or director put in.

Now, I know about issue security schemes and I also know we could set them manually if we see a confidential issue popping up. However, from a management perspective it is just not possible to keep on top of 100-200 issues/day with 30+ customers reporting them.

So what we tried was to create an issue security scheme which restricts all issues to be view able by the reporter only. This works in the sense that members of the same organization can no longer see it in the service desk. However, we then run into this bug: https://jira.atlassian.com/browse/JSDSERVER-3507 

So setting that security scheme works at first, but as soon as someone tries to comment (via email) an issue where he is not the reporter AND tries to add an attachment (even just a picture in a signature) the comment gets rejected. 

So going forward I thought about possible solutions:

  1. Somehow disable the automatic sharing of issues within an organization, maybe with an add-in.
    1. Removing the organization from the issue does not work for us without reworking all of our SLA rules.
  2. Disable the helpcenter somehow to prevent users from logging in and creating/seeing issues.
    1. This would allow us to keep the default configuration since only customers who know the issue number or have a JIRA recognized mail-thread can comment.
  3. Delete all organizations and group customers differently. Rewrite all SLA rules. Remove issue security scheme.
    1. Essentially we "convert" each organization into a group manually and rewrite the SLA rules to check if the reporter is in a given group to set the correct response time as defined in the respective contract.
    2. Issues would no longer be shared and therefore not be displayed in the helpcenter for everyone but the reporter and manually added customers because we eliminated the organizations. 
    3. What I am not sure about is if everyone will be able to comment on every issue if the issue number is known. I think it should be possible if I grant the "anyone" group the add comment permission in the project permissions.

So I would like to ask you guys if you maybe know of a different solution. If there is none then I'm leaning more towards number 3.

Thanks for all responses in advance!

1 answer

0 votes
steve Atlassian Team Apr 11, 2018

You can achieve this using a combination of Jira Service Desk custom permission schemes, to create, edit and view issues in a JSD project. See:  https://confluence.atlassian.com/servicedesk023/using-custom-permission-schemes-733938772.html, in combination with using an Issue Level security scheme, see: https://confluence.atlassian.com/adminjiraserver073/configuring-issue-level-security-861253265.html

The risk here is that you accidentally set a too restrictive set of issue level permissions and customers are not able to access their own reported issues. You should always check that:

  • Service Desk Team is able to view issues and browse them, change assignees, etc.
  • Users are able to view issues they are assigned to, or participating on.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Service Desk

Tell us how you've implemented Change Management

Hello Community 👋, I'm a product manager at Atlassian, looking at improving change management capabilities across our products. In particular, we're looking at bridging the gap between Dev & ...

336 views 0 7
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you