I'm trying to restrict the ability to view and interact with tickets so that only the requester and request participants can see and interact with the ticket. (My agents should still have normal access, this is "customer side" or portal interaction.)
The default access allows anyone in the same organization to view all tickets from anyone in that organization.
This will allow us to keep tickets confidential from the customer side so only the requester and those that are added to the ticket as "request participants" can see and interact with the tickets.
After looking into similar requests, I started down the path of working up a custom security scheme but "request participants" is not an available role I can add to the scheme.
Any help that can be provided would be greatly appreciated!
By removing the "organization" from my users (I was auto populating it based on email address and removed that automation) I was able to effectively accomplish the same thing. Since there is no "organization" populated for the issue, only my agents, the requester, and anyone added to the "request participants" field can view the ticket(s).
Has anyone had success with this WITHOUT removing the Org. We use the organisation for reporting, and for understanding details about the account associated with the ticket so removing it isn't a good option for our workflow?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Tony Morrison
I have had success with using issue level or project level security to restrict the access. This document should get you moving on your way :)
Configure issue security schemes | Atlassian Support
-Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for your reply Tim!
That was the guide I followed to try and get this going but it does not address the issue of not being able to use the "request participants" field as it is not available in the drop-downs as you go through the process.
That being said, I did find a way to accomplish this without having to do a specific security scheme.
By removing the "organization" from my users (I was auto populating it based on email address and removed that automation) I was able to effectively accomplish the same thing. Since there is no "organization" populated for the issue, only my agents, the requester, and anyone added to the "request participants" field can view the ticket(s).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.