Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,991
Community Members
 
Community Events
168
Community Groups

Portal limitation based on customer

Dear community, 

I have jira soft and service Mgt, both are on cloud. 

I set up a new service project for one of my customer. I also set a portal with a specific portal group, a specific organization, and add my customer external email address / user in it. 

After the external customer email notification, "sign in" and connexion, I expected that he can access only to the only project he is declared on.

Unfortunately, removing the PORTAL_ID of the link he received by email: https://MYCOMPANY.atlassian.net/servicedesk/customer/portals/PORTAL_ID, he can access to :
https://MYCOMPANY.atlassian.net/servicedesk/customer/portals/ showing all my customer project and worst, he can access the forms to create tickets in the other projects.

Maybe dear community, you may help me to find a customer role or other administration stuff in order to block that strange behavior ? 

Thanks a lot in advance for your appreciated help ;-)

1 answer

1 vote
Mark Segall Community Leader Sep 08, 2022

Hi @Gaston Him - This is an easy fix 🙂. Navigate here for each of the JSM projects:

https://YOURINSTANCE.atlassian.net/jira/servicedesk/projects/YOURPROJECTKEY/settings/customer-permissions

Make sure the Service Project Access is set to:

Customers added to this service project only by agents and admins

Hi Mark, 

Thank you for your answer, my bad..... I have to go to single each project and set it as you said... ;-)

I'll try and let you know.

Hi Mark, you're the Best !!

Thanks a lot. 

I just have an issue modifying the customer permission on one of the projects: 

ERROR: 1T9Z77V. I will check in the other thread if I can have a hint on this issue. 
Like Mark Segall likes this
Mark Segall Community Leader Sep 08, 2022

Happy to hear it's working for you.  The error is a head scratcher though.

The solution was perfect. 
The error was due to a missing role on my user for this project. As site Admin, I add an admin role to my user on the project and it works fine finally. 

Regards, and thanks again

Like Mark Segall likes this

Hi dear community, 

I'd like to ask you if you have a simple solution to configure a customer portal to let the customer see all his project or organization's tickets. 

I have changed the param as described by Mark (see above) and now the view is restricted to not only the project but also to the user. Now the customer can see only his own tickets (reporter = his user) and not the other ones and mine (admin / servicedesk) for instance.

In fact, I want enable transparency and let him see all the project's tickets through the portal.

Any good idea will be appreciated ;-)

Thanks in advance, and have an awesome day ahead.

Mark Segall Community Leader Sep 23, 2022

Hi again, @Gaston Him - To confirm, your preference for this project is to let everyone see all issues through the portal?  This is not really how it is designed, but you have a couple approaches that you can take:

Let me start by first saying that in my experience, most portal customers don't have the bandwidth (or care) for viewing every issue - Only the ones that matter to them.  Here are a few approaches you can consider:

Empower Customers to Share with anyone

My first recommendation is to expand customer sharing on the project in question:

https://YOURINSTANCE.atlassian.net/jira/servicedesk/projects/YOURPROJECTKEY/settings/customer-permissions 

Under Customer Sharing, select the option:

Customers can search for other customers within their project or organizations

This will empower customers to share issues with anyone on the project.  So, if someone explicitly asks for access to an issue the customer can add them or your agents can add them.

Automatically add individual customers as participants

I must caveat that I have never done this in bulk and I don't see any documentation on limits for how many you can add so you may run into limitations.

You can statically set individuals as participants on every request using automation:

  • TRIGGER: Issue Created
  • ACTION: Edit Issue
    • Request Participants - Add all of the desired customers who would be static participants on every request.

Considerations for this approach:

  • Maintenance overhead - You would have to update the rule every time a customer on/offboards
  • Limitations - I can't stress enough that this would probably not be a good approach for more than a handful of customers that truly need access to every created request

Slack integration

If your organization uses slack, Jira cloud has some nifty native integration where you could have a single #ask-channel that links to the portal.  All of the threads within that channel would correspond to an issue and are open to everyone with access to the channel visibility into all activity.

Like Gaston Him likes this

Hi Mark, thank you for your reply. 

Yes my approach is, for example, the customer's CIO, who requests to have the possibility to view all the issues of all his projects. 

I mean that this customer is handling several projects on which my team is working on. 

In my hierachy, I set 1 Jira project associated to the customer level, and 1 epic per project. There is no internal confidentiality on the customer's side.

Currently, I've tried your 1st solution, and it seems that through the portal, the customer cannot see the tickets. Certainly, because I created the tickets, as an admin, and my user is not associated to the organization....

Maybe, I have to change the creator of each issue so the project parameter can stay as it is now? But it is not the option I will choose as I cannot distinguish the one created by the customer and the one created by my team.

Any advice?

Thx for your help. 

Have an awesome day ahead.

Mark Segall Community Leader Sep 26, 2022

When it comes to JSM, it's always best practice to capture the actual reporter even if they're not the one to actually raise the request.  To distinguish between customer and agent, you would use  creator in your JQL.

Yes, I know that, but how can I give access to this CIO to all the issues ?
Is it a better solution to add my user in his organization ? 

Thanks in advance for your help.

Regards.

Mark Segall Community Leader Sep 26, 2022

That is an option and I don't see any issues given the customers have been isolated by project.  You could also go with either of these options:

  1. Bulk change the reporter
  2. Add the CIO as a participant on all existing issues.  Unfortunately, there's no way to do it in bulk (there are a couple open suggestions for being able to bulk edit or import).  So, you'd have to do this manually.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS

Atlassian Community Events