Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to restrict internal users to see only certain organizations' tickets?

Yura Hayrapetyan
Yura Hayrapetyan September 20, 2022

Hi guys!

expected result: In Jira Service Management I want to allocate internal users into organisations so that each internal user can see and edit tickets that belong only to their organisation.

Current result: Internal users are not able to see tickets reported by them + the tickets of their organisation, instead they see only all other tickets created by other internal users from other organisations.

Steps I have already taken to solve this: I have created security levels in security schemes and chosen certain internal users that need to be included in automation. 
Then I allocated each internal user to their corresponding organisation ( adding customers in organisations). Then I have created an automation (screenshot attached).

Please advise guys which parts I am doing wrongly or maybe I missed something?

 

Answer
Watch
Like Be the first to like this
1629 views

4 answers

2 accepted

2 votes
Answer accepted
Mark Segall
Mark Segall
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2022

Hi @Yura Hayrapetyan and welcome to the community!

Adding users to organizations should be sufficient.  I would make sure that the project's permission scheme - Browse Projects permission isn't too loose.  By default it should only be open to:

  • Project Role (Administrators)
  • Project Role (atlassian-addons-project-access)
  • Project Role (Service Desk Team)
  • Service Project Customer - Portal Access

If you have say, "Any logged in user" set here, that would be a big no no that would override any type of portal permissions that you're trying to establish.

View More Comments
Yura Hayrapetyan
Yura Hayrapetyan September 20, 2022

hi @Mark Segall
thanks for the prompt response. The permission scheme is not loose. it is set like you  just described.

Like
Reply
0 votes
Answer accepted
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2022

@Yura Hayrapetyan -

Welcome to the community.  To supplement what @Mark Segall mentioned, one thing that you mentioned in your ask was "Internal users see and edit tickets" which I am a bit concerned - What do you mean by internal users?  + what do you mean by edit tickets?  In general, JSM issue editing are only performed by Agents (users with JSM licenses).

Please advise/clarify.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Infrastructure Applications Team

Viasat Inc.

View More Comments
Yura Hayrapetyan
Yura Hayrapetyan September 20, 2022

Hi @Joseph Chung Yin
Thanks for your quick reply. By internal users I meant agents indeed. I just managed to understand root cause of "agents do not see their own created tickets" which was resulted by the added security levels. 
to sum up - I have added a,b,c,d agents (company employees) to x,y,z organizations (clients) under a common Jira Service Management project. But all agents can now see all tickets of the project. Instead, I'd like each agent to see/edit tickets only of the organization to which they belong to. 

Like
Mark Segall
Mark Segall
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2022

Thanks for the clarity @Yura Hayrapetyan  and nice catch @Joseph Chung Yin.  Organizations are only meant for portal users.  They have no impact on your agents.  Agents will have access to all issues in the project by default.

You can go the route of issue level security, but you'll need to revisit your whole permission scheme.  Here's a step-by-step on issue level security:

https://support.atlassian.com/jira-cloud-administration/docs/configure-issue-security-schemes/

Another option you may want to consider is setting up separate JSM projects for each team.  It would probably be the easiest method for segmenting the work.

Like
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2022

@Yura Hayrapetyan -

Based on my understanding that Agents (by default) will see all issues within a project.  I would recommend that you setup your issue security security level with individual level - one for each organization.  Within those security level include only the specific agent that supports each organization.

NOTE - You should also need to check the customer permissions "Customer sharing" option associated with your project (via Project settings >> Customer permissions) to ensure that it is set to "Customer can search for other customers within their organization".

Hope this helps.

Best, Joseph

Like
Yura Hayrapetyan
Yura Hayrapetyan September 20, 2022

Thank you @Joseph Chung Yin@Mark Segalllthough I have set the issue level security as mentioned above, and I configured an automation for it already but it did not work, I will have a look again at your shared articles and reflect back asap.

p.s. please see attached the screenshot of the automation I configured eariler

Screenshot 2022-09-20 at 20.46.18.png

Like Digvijay likes this
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2022

@Yura Hayrapetyan -

Can you provide more information on "it did not work"?  

I assumed your security levels are setup, so each one of them only calls out the specific Agent?

Best, Joseph

Like
Yura Hayrapetyan
Yura Hayrapetyan September 20, 2022

The security levels are setup and In each organization there are at least 3 agents, and some of these agents appear in other organizations as well. In Automation I setup for each organization there is a separate security level calling out, but still cannot achieve the expected result

Saying did not work I meant I kept receiving some errors: Actor does not have permission to view one or more issues, or the issue was deleted (please check permissions and issue security levels):

Like
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

hi @Joseph Chung Yin @Mark Segall I have checked the automation and security levels, still the problem is not solved, can you please advise the further possible steps ? Thanks!

Like
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 21, 2022

@Yura Hayrapetyan -

For your automation rule, you must add the rule actor as a member to your issue security configuration for each security level that you established.

So each security level will include the automation rule actor in the call out.

Hope this helps.

Best, Joseph

Like
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

thanks @Joseph Chung Yin  for your quick response.
It did help, now I managed to restrict the agents by organizations, however as a result I got into another problem: the customer that creates a ticket from the portal cannot view it, and I receive an error in automation.
Can you please help me on this as well?
Thanks!

Like
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

this is the error I receive now in automation : 

Action details:
Actor does not have permission to view one or more issues, or the issue was deleted (please check permissions and issue security levels
Like
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 21, 2022

@Yura Hayrapetyan -

In your Issue Security configuration, did you include "Reporter" call out for the security level definition?

Best, Joseph

Like
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

Screenshot 2022-09-21 at 16.02.03.png
@Joseph Chung Yin no I did not, in fact I have only chosen "group" call out for every security level

Like
Joseph Chung Yin
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 21, 2022

@Yura Hayrapetyan -

When setting up Issue Security configuration, it is always recommended to add "Reporter" to the call out.  

Best, Joseph

Like
Reply
0 votes
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

Thanks @Mark Segall and @Joseph Chung Yin , you helped to to solve the problem guys!

Reply
0 votes
Yura Hayrapetyan
Yura Hayrapetyan September 21, 2022

hi @Joseph Chung Yin @Mark Segall I have checked the automation and security levels, still the problem is not solved, can you please advise the further possible steps ? Thanks!

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events