Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

FATAL: Service Desk customers can access other customer's portal!

tash_macnica
tash_macnica
Contributor
December 4, 2015

I intentionally put this question a shocking title for JIRA developers to pay attention  This might be a similar one of "On the Service Desk portal page, how do I hide the "Help Center" link from users?" but I'd like to emphasize that this is really so serial problem on utilizing JIRA Service Desk for multiple 'customers'.

Currently, any Service Desk Customers can access the Help Center and browse list of all customer portals for other customers.  And furthermore, incredibly, one can create a request in that portal for another customer.  We and of course our customers never permit this 'wrong' behaviour and need secure separation of one's own portal from any other customer's.  Specifically speaking, we are eager to forbid our Service Desk customer strictly to access contents below:

  • Help Center - https://<domain_name>.atlassian.net/servicedesk/customer/portals
  • Other sutomer's portal - https://<domain_name>.atlassian.net/servicedesk/customer/portal/<number for others>

How can we do this?  Or shall we give up JIRA Service Desk and migrate to Zendesk?

Answer
Watch
Like # people like this
21241 views

7 answers

1 accepted

4 votes
Answer accepted
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 4, 2015

Hi Mamoru,

did you setup specific project roles for each your project as escribed here https://confluence.atlassian.com/servicedeskcloud/setting-up-service-desk-users-732528877.html ? 

You should be able to give project visibility per customers just defining users to "Service Desk Customers" role per project. Please, take care that your customers are not defined in any group that are associated to "Service Desk Customers" role for other projects.

I performed a test on my instance and if a customer try to access another customer portal he have the following alert :

image.png

If a customer does to the list of all service desk projects https://<domain_name>.atlassian.net/servicedesk/customer/portals he can see only project in which he has been defined as "Service Desk Customers".

hope this helps,

Fabio

Reply
1 vote
Cédric Bounameaux
Cédric Bounameaux
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 7, 2017

Hi all,

Any progress made ? Goal is to hide one customer's SD from another by hiding the help center link, while keeping access to the different service desks public. Possible? 

Blocking access to each service desk per customer as offered in the Jira Service Desk options would mean syncing all user databases beforehand, not quite handy.

So why not just hide that "help center" link to separate different clients without bothering them to register an account?

Reply
1 vote
jaccovanderpost
jaccovanderpost July 1, 2016

This has not been solved at all. JIRA Service Desk 7.1.8

Steps to reproduce:

  1. Create 2 projects
  2. Set for both projects Request security on Only people on my customers list can raise a request
  3. Create an user without Application access for JIRA Service Desk
  4. Add for only 1 project the user to a role service desk customer
  5. Login as the customer in the customer portal and click on Help Center. The customer can now access and create issues in all portals.

This bug makes this product unusable. We do not want customers to see other projects!

 

View More Comments
tash_macnica
tash_macnica
Contributor
July 5, 2016

Hi Jacco,

Your referring version number '7.1.8' is one of native JIRA itself, not JIRA Service Desk plugin.

My issue of this case was already resolved and people think this case was closed.  Note that my case was an issue on the Atlassian Cloud, not on-premise version.

I think you better raise another item in Atlassian Answers or Support mentioning your JSD version with a bloody title to attract Atlassian's people;-)  And I expect a flaw of complaints on JSD's customer portal would move the busiest engineers of Atlassian in the world to improve it.

Thank you,

TASH

Like
John Walker
John Walker
Contributor
June 25, 2017

FYI

If, like me, you are looking at Service Desk and wondering if this is still an issue?

Jacco did raise another case. But, at current time, it appears unresolved.


Like
Reply
0 votes
Dan Cumings
Dan Cumings
Contributor
June 20, 2016

Has this been resolved yet?  We would like to have an internal vs exernal Service Desk.  i do not understand the point of having two portals if both portals are linked together via a help center.  I think the correct fix would be to remove the Help Center altogether so we can keep the different Portals seperate.  Also we should be able to modify the endpoint urls so that customers cannot guess what other portals are.

 

Currently you are limited to:

https://{companyIdentifier}.atlassian.net/servicedesk/customer/portal/1

and 

https://{companyIdentifier}.atlassian.net/servicedesk/customer/portal/2


It would be better if it was

https://{companyIdentifier}.atlassian.net/servicedesk/customer/portal/Internal

https://{companyIdentifier}.atlassian.net/servicedesk/customer/portal/HowCanIHelp




View More Comments
tash_macnica
tash_macnica
Contributor
June 20, 2016

Hi Daniel,

 

This issue was already resolved by Fabio and Phill's answer.

Unfortunately I cannot understand your point.  You better create another item in Atlassia Answers.

 

Thank you,

TASH

Like
Like
Henri Virtanen!
Henri Virtanen! June 21, 2018

I'm also looking an answer to this and made a similiar question concerning visibility and grouping portals here: https://community.atlassian.com/t5/Jira-Service-Desk-questions/Help-Center-amp-Portals-visibility-and-management/qaq-p/826311

Like
Dan Cumings
Dan Cumings
Contributor
September 28, 2018

I am not sure if this was ever resolved.  We have decided to move to zendesk instead for external customers.  We still use service-desk internally.

Like
Reggie Hunter
Reggie Hunter
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 23, 2019

Using: Service Desk Cloud Version

I have successfully figured out how to fully isolate all of our customers from one another in the Help Center.  Here's how I did it.

  • Go to your project's settings -> Customer Permissions
  • In the "Who can access the portal and send requests to The [Customer Name]?" section, use the "Customers my team adds to the project" option

Doing this will now hide this project from the pool of projects in the Help Center.  Once I did this for all customers, this meant that there were no projects visible now for my test user.  

Next, on the Customers page, add an 'Organization' (pretty much a group of people) to the project (if you don't have one already).  Now, any users that you add in this organization will only be able to access to the portal of the project(s) that they are included in.  

I really hope this helps someone out there as this has been a customer service nightmare for almost a year now.

Like # people like this
John Walker
John Walker
Contributor
September 23, 2019

Thanks for taking the time to write that up and share it. Handy information.

Like
Phoenix_Driver_Support_Jira_Admin
Phoenix_Driver_Support_Jira_Admin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 29, 2020

Reggie, doing this prevents external customers from being able to send in email requests. Unless you manually add all external customers to the project, this will not work. We have contact us forms that feed into this helpdesk. With these settings that you described, the contact form emails will not flow into the helpdesk.

Like # people like this
Reply
0 votes
Deleted user December 7, 2015

@Maroru,  Where do you find this screen(Request Security)?

When I go to the administration tab of my project I see this:

image2015-12-8 10:17:6.png

 

 

 

View More Comments
tash_macnica
tash_macnica
Contributor
December 8, 2015

Hi Heidi, I guess you should be a service desk admin to access that page. Thank you, TASH

Like
maccamlc_old_atlassian
maccamlc_old_atlassian
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 9, 2015

Hi Heidi, Are you using JIRA 7.0.x and JSD 3.0.x or an earlier version? Matt

Like
Deleted user December 9, 2015

I'm administator. We use v6.4.12 and JIRA Service Desk v2.5.4

Like
Reply
0 votes
tash_macnica
tash_macnica
Contributor
December 6, 2015

Hi Fabio and Phill,

 

Yeah, it seems this shocking title hit;-)  Thank you for answering promptly.

Great, that's it, selecting "Only people on my customers list can raise a request" in the Request security setting of each project restrict the Service Desk customer to access the invited projects only.

Then I can continue to use JIRA Service Desk instead of Zendesk:-)

 

BR,

TASH

Request_security_to_restrict_customers.PNG

View More Comments
Carlo_Comincini
Carlo_Comincini
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 20, 2018

Doing this way you completely loose the ability to raise issues by email.

We have 5 servicedesk projects for 5 different customer companies.

We give 5 different email addresses to raise issues on their projects.

We need to allow users to view issues on the portal but we also need to make a customer from a company not to raise issues on another one project.

So we need to open the creation issues to anyone by email but not to navigate the first level of the customer portal.

Like # people like this
Dan Cumings
Dan Cumings
Contributor
June 20, 2018

The main problem is that they have access to each other portals.  It would be nice if we could isolate the portals from each other.

Like # people like this
Reply
0 votes
Phill Fox
Phill Fox
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 5, 2015

Hi Mamoru,

Your question seems to imply that you are not restricting access to your portals to users with credentials. 

If you refer to https://confluence.atlassian.com/servicedeskcloud/configuring-the-customer-portal-732528918.html and the section on managing access to your portal you will see that there are other options available to you apart from fully open public access. 

I believe you could use the second option 

  • Customers who appear specifically on your service desk project's customer list 

to configure for the problem that you are describing.

The place to set your access is described here https://confluence.atlassian.com/servicedeskcloud/managing-access-to-your-service-desk-732528940.html

Regards

Phill

 

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events