Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Restricting access to all tickets within an organisation to designated users

Alex June 24, 2024

We're currently evaluating JSM for our service desk solution, but we have a very specific use case and I cannot work out whether what we need is achievable.

 

What we would like is the following.

  • Our product is installed on multiple client sites. We want to set up an organisation which will represent each client site, and allow any users in those organisations to raise requests.
  • Each user should be able to view the status of their own requests
  • For each organisation, there will be one or more "superusers" which can view all requests for that organisation, regardless of who made the report.
  • Users from one organisation (ie, one client site) will not be able to see requests from another organisation.

Our preferred workflow is that a user will submit a report via email. When this comes in, if that user is not a member of an organisation yet, we will add them to the appropriate one.

From that point on, the workflow should behave as above.

Is this possible with JSM? I can see a way to allow all members of an organisation to see all requests within the organisation, but I cannot find a way to restrict users to only see their own requests, while still allowing a more privileged user to see all requests within the organisation.

Many thanks

4 answers

2 votes
Jovin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2024

Hi @Alex 

This is standard operation for when you work with Organizations within JSM! Here are some configuration notes:

Note that you cannot restrict your Agents from sharing tickets to other organizations intentionally, without developing some automations to validate the organization added :) 

0 votes
Alex June 24, 2024

Hi @Rilwan Ahmed 

 

Thank you, that looks perfect!

I'll add that to my reading list, and hopefully this should be enough to get everything set up as we need it.

Many thanks

0 votes
Rilwan Ahmed
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2024

Hi @Alex ,

Make use of Issue Security scheme. You can add reporter, single user and other roles/groups as required. This will add restrictions to other users from viewing the ticket.

 

0 votes
Alex June 24, 2024

Hi @Jovin 

Thank you for getting back to me so quickly.

I'm reading those links you provided now, and it looks like exactly what we need.

When you mention agents sharing tickets to other organisations, I presume this is purely applicable to agents within our company? If so, we can manage this with working procedures.

Our main concern is making sure that if we have an organisation (say, Client Site A) that requests made by members of Client Site A can only be seen by the user who made the request, or by an admin user (a customer with additional permissions) associated with Client Site A.

The intention is that a senior staff member for each client site can view and manage requests made by their staff, but with the restriction that they cannot see any requests made from other client sites. I'm assuming that organisations are the most sensible way to achieve this, however I'm still researching.

Jovin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2024

Hey @Alex 

Correct, by default in JSM customers can ONLY see their own requests. They can share to others (based on your sharing settings), as an example, you can make it so they can only share to users that have a profile (e.g. their peers that have logged in as well), and they can only share to organizations they are a member to.

By agents I mean your licensed users - they can add any organization to any ticket, which you can reverse/validate through automation rules. 

@Rilwan Ahmed 's comment is also very useful, but is a different mechanism that can also extend to the Agent view. e.g. if Agent A should only be able to see Client A tickets, you can do that.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events