I am a bit confused. We are using JSW and JSD. All our stuff is licensed in JSW but there are only a few employees with agent accounts in JSD.
I added one of our employees as service desk customer (not in the role service desk team and without application access) in a JSD project, because he is 1st level support at our customer's site and creates tickets in JSD for our 2nd level support.
Now he send me a screenshot where he is in the jira portal view of the JSD and asks me why he connot see the dashboards... How did he get there without being an agent?
So I checked his profil under administration --> user management and for whatever reason he actually has application access activated and is an agent, now.
How could that happen? I am the only administrator working right now. Does JSD automatically create agents??? O.o
We had a similar situation before, at that time I had this suspicion, too, but I have rejected it again. I thought another administrator could have created these agents, but right now, there is no other administrator than me.
Thanks in advance.
soooo we had a few new agents that blocked our work because of exceeding our max number of lincences. But again we had the case, that none of us has assigned these users to be agents.
Now I have found the super handy Audit Log in JSD! I don't know, why I haven't seen that before, that would have made it a lot easier. ;)
As you can see, it really is JIRA adding these users to the group jira-servicedesk-users and therefore automatically made them agents!
In this case these users are members of our company and already working with Jira Software. The user management itself is made by our LDAP user directory. But they are NOT in any project in JSD.
They have randomly found the link to JSD in our confluence, they wanted to try it out and logged in.
This behaviour of JSD is NOT PORTABLE as it might exceed our licenses again, so other agents cannot work anymore!
So the question is, is there a way to stop that? Can I somehow disable this strange behaviour?
Thanks in advance!
Hi HK, I do not know how you added your customer, but if you did thourht the normal jira user administrations some groups are added by default and with them agents permission.
You shold check in your jira groups if some of them are marked "Default" wich means, that anybody you create on the site would be given permission in that group.
Our stuff is managed via LDAP. But per default they do not have application access. This (normally) has to be done manually.
I added the employee in the project settings of the specific project. Under users and roles, I added him to the role "SERVICE DESK CUSTOMERS" and also added him to the customers organization.
In the user management I have not found any jira groups marked as "Default".
Hi HK, do not search in user management, if you go into Application -> Application access, there you are going to be able to see the groups that are linked to acces to applications, check groups that the user is are not there because if the user is in a group that is linked to application access he is going to be able to acces Jira (for example jira-users).
thank you for your explanation. The user is/was not in any of these groups under Application -> Application access when I added him to the project. In fact, he is in no group at all.
After he has send me the screenshot and I realized he suddenly is an agent, he was in the jira-servicedesk-users group. I removed him again. We will see if he mysteriously gets in there again :P
No, JSD doesn't automatically create agents account.
You as the JSD admin can manually add agents to the role of Service Desk Team OR Invite them in which they'll be added to the SDT role.
In addition, agents can have licenses in order to work on tickets and comment on tickets. Agents can also NOT have a JSD license and still work on issues, however, their functions will be limited on what they can do on a ticket. E.g, they won't be able to comment on a ticket externally but internally.
It happened again... I wanted to let a JSW user (developer) have a look into a JSD ticket/project. I added him to the role Service Desk Team as mentioned in "Setting up service desk users" and checked twice that he has no JSD agent account!
After he logged in to JSD I checked his account again. The checkbox application access to JSD was activated. So he automatically got an agent!?
@H K, can you please reference the exact text from the link you provided that is directing you to use Service Desk Team for your developers? Service Desk Team = agents, at least this is the case in Cloud and I suspect the same in server. Are you using cloud or server?
here is the text segment:
Involve Jira Software or Jira Core users
You can give users with Jira Software or Jira Core licenses permission to view and comment on service desk issues without a Jira Service Desk license.
To involve Jira application users:
- In your service desk project, select Project settings () > People.
- Add users to the Service Desk Team role.
For example, Martin, an IT service desk team agent, links an incident ticket in a service desk project to an underlying network problem ticket in a Jira Software project. Andrew, a Jira Software developer on the network operations team, assigns this network issue to himself and starts working on it. After fixing the problem, Andrew opens the linked service desk incident ticket and leaves an internal comment asking Martin to try the network connection again. After receiving the internal comment, Martin verifies the network connection and tells the customer that the problem is resolved.
HK, thanks for this. So it certainly appears that I am wrong here based upon this text. I will say that the user roles is one of the most confusing parts of JSD and this is particularly true in Cloud where it has changed a few times now since launch.
Can you confirm if you are on cloud or server? You can add the appropriate tag to this thread to clarify. Always good to include that info.
I ran a test on my side to see if I can replicate your scenario. I added one of my customers to the Service Desk Team role. I noted that indeed under User Management they are not listed as an agent. I then requested that they log out and back in to see if they suddenly became an agent. It did not change.
So i'm perplexed by this at the moment and am going to dig in a bit more, starting first w/ locating definitions of the roles I see in my instance. I'm also going to ping some other champions/atlassian's to see if they can chime in here.
Thank you a lot for your commitment, @Jack!
I am using JSD server version 3.8.2. I will add the tag.
In your test your customer is also in JSW? And was your customer able to see the Jira portal or only the customer portal?
As I understand the text, they should be able to use the Jira portal without being an agent. Because they should be able to write only internal comments.
I have unchecked the box for application acces to my developer. After that he was still in the role Service Desk Team but was only able to get to the customer portal. There he was not able to see any ticket in the project - of course, because he is not in the customers organization.
Maybe I need to try the role Developer instead. This would make sence even if the text says something else.
thanks HK. Yes my user was a JSW user as well. I don't know what you mean by "Jira portal" there is only the customer portal. In any event I did not have them do anything other than log out and back in. TBH, i'm really trying to understand Project Roles and how they differ from a Group.
Can you look at your Permissions for this project and add a screenshot here. I'm interested in seeing what permissions the Service Desk Team has. In particular does Service Desk Team appear on 'agent' actions. A users abilities in a project are driven by the Permissions.
by "Jira portal" I mean the view of the agants. It is like the view in JSW where you have Dashboards, Reports, issue filters etc. That is why I call it "Jira portal". The restricted view for our customers (announcements, create request types, search bar for knowledge base, view tickets with almost no filters) is what I call "customer portal".
So customer portal for customers, Jira portal for agents and probably for these ominous JSW users that should not be agents ;-)
Okay so to my permissions. I nearly use the default permissions so the role "Service Desk Team" is almost in every permission.
AND I noticed the existence of the "Service Desk Agent" permission only now!
Of course this permission is granted to the role Service Desk Team. That is also the default and so you are right Service Desk Team is intended to be for agents! This seems to be the problem than!
But what I don't understand is, that the document by Atlassian about how to "Involve Jira Software or Jira Core users" does not give a hint on that contradiction.
Sooo... I will try that out again. I will use another role and edit the permissions for this role!
Thank you @Jack for this important hint!
Hi HK! As for terminology you should refer to the agents view as simply the application view or agent view rather than portal so as not to confuse with customer portal.
Regarding your observations for sure this area is confusing. I’m going to continue to investigate and understand this include reaching out to Atlassians if possible. Ultimately once I have a good understanding I’m going to write an article for the Community that hopefully will help clear the fog for others.
Hello Community 👋, I'm a product manager at Atlassian, looking at improving change management capabilities across our products. In particular, we're looking at bridging the gap between Dev & ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events