restrict service desk agent access to other project issues

Ok, so currently we have a general user assigned to each project's Service desk. For example "Project A" would have ServiceDeskAgentA. and "Project B" would have "ServiceDeskAgentB" both agents are a part of service-desk-agents groups as a result of being agents, which as far as I know is necessary, since literature suggests that JIRA apparently uses this group for licensing. Is there a way to restrict ServiceDeskAgentA from being able to see issues in "Project B"? 

2 answers

1 accepted

Hi @Carlo-Antonio Marin ,

You have to setup issue security scheme with rule for each group.

This will limit the visibility of issues to the relevant groups.

Hi @RPandyaram Thanks for your response. I think this will work. Kind Regs, CAM

I was able to limit service-desk agents from having visibility/access across service desks w/out having to modify issue security schemes.  I simply created agent groups for each service desk, then set the members of the Service Desk Team role in each service desk to the appropriate agent group.  Using your example Carlo, I accomplished this by...

  1. Making sure each agent is a member of the service-desk-agents group (for license reasons).
  2. Creating a projectA-agents group and projectB-agents group
  3. Defining the membership of the Service Desk Team role for Project A to be the members of the group projectA-agents
  4. Defining the membership of the Service Desk Team role for Project B to be the members of the group projectB-agents

That's it.  By defining the members of the Service Desk Team role for each project using project-specific agent groups, agents who are members of projectA-agents group can't see/access Project B, and vice versa.  I did not have to mess w/ the security scheme or permissions.  The permissions out of the box work fine.

 

Hi @Juan Peraza This is indeed how we currently have it set up, however while agents cannot see a Service Desk Portal/Board of another project, it can still see the underlying JIRA issues, eg AgentB can see Project A (PRGA-123) even though he is not part of the Service desk team on that project. Perhaps I'm missing something. Kind Regs, CAM

Hmm? I wonder if I did have to modify my permission scheme and I forgot that I did. I don't think I did. Take a look at the permission scheme for your Project A. Are the project and issue permissions defined such that only members of certain project roles have privileges? All of my project and issue permissions only allow members of certain project roles to have privileges. I don't remember setting these permissions manually. I think the permissions for Service Desk projects use an out-of-the-box permissions scheme suited for service desk projects. Almost all of my project and issue permissions only allow these project roles to have privileges - Administrators, Service Desk Team, Service Desk Customer - Portal Access. What does the permission scheme for your Project A look like?

I guess solution would be to restrict "Browse Project" permission to "Project Role" "Service Desk Agent".

So only users registered in that role can see/browse JIRA project and their issues.

Issue Security Level (and Scheme) is intended to segregate access to issues inside a project. I would not recommend it in your context.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Jun 14, 2018 in Jira Service Desk

How the Telegram Integration for Jira helps Sergey's team take their support efficiency to the bank

...+ reading Fantasy). The same is true for him at the bank he works for: Efficiency is key when time literally equals money. Read on to learn how Sergey makes most of the time he has by...

787 views 5 7
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you