Hi Aleksandr Avey,

Thanks so much for your question. I would like to assist you.

Based on your description of the problem, I assume you would like to avoid customers' requests from being accessible (by default) by other customers (who potentially can try to visits these requests by changing browser URL).

If my assumption is correct, some of your customers who experience this symptom might belong to one organizaion. And according to our documentation (https://confluence.atlassian.com/servicedeskserver0411/adding-request-participants-1021224156.html#Addingrequestparticipants-Addparticipantsinthecustomerportal), “if a customer belongs to only one organization, the request is shared with it by default unless you have changed the default settings to keep all new requests private.”

You can upgrade your JSD instance to version 4.7.x or 4.8.x, when this default sharing behavior was changed, as documented in https://confluence.atlassian.com/servicedesk/jira-service-desk-4-7-x-release-notes-987143432.html#JiraServiceDesk4.7.xreleasenotes-privateKeepingyourrequestsprivate.

If you’re on version 4.9.x+, please refer to https://confluence.atlassian.com/servicedesk/jira-service-desk-4-9-x-release-notes-1005326200.html#JiraServiceDesk4.9.xreleasenotes-sharingiscaring for how to change the default configuration of the sharing behavior.

For a history on how similar symptoms reported were fixed, please refer to this public Jira ticket: JSDSERVER-4382 - Allow turning off sharing request with Organization by default when a customer is part of only 1 organization CLOSED

If you have questions regarding management of customers within organizations, please refer to https://confluence.atlassian.com/servicedeskserver0411/setting-up-service-desk-users-1021223946.html#Settingupservicedeskusers-Whatisanorganization?

If my assumption is incorrect, please feel free to clarify your question.

Martin

Jira Service Desk

P.S. if this answer is correct, please select the ‘accept answer’ button