Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,297,434
Community Members
 
Community Events
165
Community Groups

Portal Project access

Edited

Hi all,

 

A customer of mine is in the process of deploying Jira Service Management DataCenter.

JSM will be used for ITSM and ESM usecases.

A couple of service projects and one ITSM project will be on the portal.

Different groups of people will have access to different projects.

 

 

About Portal access.

There is a Manager Space project that will contains all services that are specifics to manager. Only Managers will have access to this specific project.

 

My understanding is :

If you choose to configure the project's customer permission as : "Customers who are added to the project", you will need to add each person you want to have access to this particular project as a customers.

 

If you choose to configure the project's customer permission as : "Customers who have an account on this Jira site", everyone with an account in this instance will be able to submit request in this project.

 

 

Now the question : If we have 1.2k managers, do I need to add 1.2k persons as customers in my project ? I tried to remove "Browse project" to the security type "Service project customer - portal access" and give it to the role "Service Desk customers" and adding my jira group that contains all our managers in the role "Service Desk customers" but I keep getting a critical permission error. Configured like this, it seems like I have the correct behaviour but the proeminent critical warning is getting on my nerves. If I want to stay by the ootb setup, I'll need to add customers. Is there a way to add customers to a project or an organization based on group membership other than with a script?

 

Thank you,

 

 

 

 

 

 

2 answers

1 accepted

4 votes
Answer accepted
Mark Segall Community Leader May 20, 2022

Hi @Pier-Olivier Tremblay - You are correct about customer permission settings.  That is the most crucial part of this. 

For your managers, it depends upon whether their accounts are managed by your company or not:

Company Managed

This means that you have the ability to create unlicensed atlassian accounts for them on your instance via SSO or through site administration.  In this scenario, they can be added to a group.  Then assign that group to the Service Desk Customers role on the management project.  From there, you only need to manage group membership.

Customers

In this scenario, they are truly not controlled by your company and there isn't much you can do about having to add each one-by-one.  The only option, If there is no issue with privacy, is that you could add them all to a single organization and add that organization to the project.  NOTE - They would have access to every request raised on that project.

Mark Segall Community Leader May 20, 2022

One last note:

I tried to remove "Browse project" to the security type "Service project customer - portal access" and give it to the role "Service Desk customers" 

This shouldn't be necessary

Thanks for your answer. They are company managed account. And the Service Desk customers role is configured with their group. But everyone is still able to see the project. 

Do I need to configure the customer permission as : “Customers who are added to the project” and add nobody as customers for the role membership to come into effect ?

Whoops not legged in with the correct account on my cellphone but still the same guy.  

Ok so tested my assumptions based on your comment and it does the trick.

 

You need to configure the customer persmissions as : Customers who are added to the project

 

You need to add the group containing your managers to the "Service Desk customers" role.

 

In the end, the role "Service Desk customers" is nowhere to be seen in the permission scheme but users having this role will have the permission given by the access type "Service project customer - portal access". 

 

This is not clear at all and as far as I am aware absolutely not explained like this in the doc but it works.

 

Thank you man

Like Mark Segall likes this
1 vote
Brant Schroeder Community Leader May 20, 2022

@Pier-Olivier Tremblay in addition to what @Mark Segall shared if you know all the manager's email addresses you can use the Invite Customers Link and specify each Email Address for New Customers (space-delimited for multiple addresses; eg email1@domain.com email2@domain.com etc.

If you are unable to create a group as Mark suggested but you have access to and application with the manager's emails you could create a simple app that uses the REST API to create customers.

Thanks for your help @Brant Schroeder , I am able to create a group so Mark's suggestion is working fine.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

Coming Soon: Insight Changing to Assets

The 2020 acquisition of Mindville added powerful asset and configuration management capabilities to Jira Service Management in the form of Insight. Following the completion of that integration, custo...

97 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you