
Security Issue: users are not part of JSM project but still they are able to browse from create butt

Saqib Dar December 4, 2022

Hi,

I am facing an issue with my customer.

He is part of only the application access group, not in the browse permission of the project, yet he is still able to create tickets from the Create button in the Change Management project. Details are below.

Project Type: Service

Project Name: Change Management

Browse Permission: No (not added as a single user, not added as a group)

Part of Global Permission: No

Application Access (Jira Service Management): Yes (user is part of a group which only has the app license)

 

 

3 answers

1 accepted

1 vote
Answer accepted
Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ I got the solution. I went through my permission scheme and looked at the Create Issue permission.

The Create Issue permission is granted to Group Custom Field Value, i.e. Assignment group.

It includes all groups in Jira. So any user who has a JSM license is eligible to create an issue from the Create Issue button. When I removed this permission, it fixed the issue.

attaching the permission scheme screenshot.

image.png

Thanks for your support.

Alex Koxaras _Relational_
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
December 5, 2022

@Saqib Dar that's what I told you in my last comment.

And he hasn't as well the create issue permission on that project

Good to know that you've solved it.

Saqib Dar December 5, 2022

Thanks for your help mate 
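
The check behind the accepted answer, as an added example that is not part of the original thread: it scans a permission scheme for Create Issue grants that do not appear as project role or customer membership, or that have no matching Browse Projects grant. It assumes the scheme was exported in the shape returned by Jira's `GET /rest/api/2/permissionscheme/{id}?expand=permissions`; the scheme name, ids and custom field id below are constructed.

```python
import json

# Constructed sample in the shape of a Jira permission scheme export
# (scheme name, ids and the custom field id are made up for illustration).
SAMPLE_SCHEME = json.loads("""
{
  "id": 10100,
  "name": "Change Management Permission Scheme",
  "permissions": [
    {"id": 1, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "projectRole", "parameter": "10002"}},
    {"id": 2, "permission": "CREATE_ISSUES",
     "holder": {"type": "projectRole", "parameter": "10002"}},
    {"id": 3, "permission": "CREATE_ISSUES",
     "holder": {"type": "groupCustomField", "parameter": "customfield_10050"}}
  ]
}
""")

# Holder types that grant access without any visible project role or customer entry
INDIRECT_HOLDERS = {"groupCustomField", "userCustomField", "applicationRole", "anyone"}

def holders_by_permission(scheme):
    """Map each permission key to the set of (holder type, parameter) it is granted to."""
    grants = {}
    for entry in scheme.get("permissions", []):
        holder = entry.get("holder", {})
        grants.setdefault(entry["permission"], set()).add(
            (holder.get("type"), holder.get("parameter")))
    return grants

def audit_create_without_browse(scheme):
    """Return CREATE_ISSUES grants that are indirect or lack a matching BROWSE_PROJECTS grant."""
    grants = holders_by_permission(scheme)
    browse = grants.get("BROWSE_PROJECTS", set())
    findings = []
    for holder in sorted(grants.get("CREATE_ISSUES", set()), key=str):
        reasons = []
        if holder[0] in INDIRECT_HOLDERS:
            reasons.append("indirect holder")
        if holder not in browse:
            reasons.append("create without browse")
        if reasons:
            findings.append({"holder": holder, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_create_without_browse(SAMPLE_SCHEME):
        print(finding)
```

A "create without browse" finding matches the symptom reported in this thread: the user can create an issue from the Create button but cannot view it afterwards.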

0 votes
Alex Koxaras _Relational_
Community Leader
December 4, 2022

Hi @Saqib Dar 

When you create a JSM project, you get certain choices about the customers from the project settings. If your project isn't set up to allow customers added to that specific project:

customer permissions.png

 

Then the above is connected to the customer access, to which you let Jira know who can become a customer and under which conditions.

customer access.png

Most likely you have set up your JSM project in such a way as to allow customers from either an approved domain, or to create their own account.

Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ 

Application Access: image.png

Customer permission:

image.png

Business users are neither added to any service project nor are they part of any other application access group.

Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ I have checked the permission helper: these users are not granted any permission in the Change Management project.

Alex Koxaras _Relational_
Community Leader
December 5, 2022

@Saqib Dar can you also check for any customers inside the project? Check from the Customers option on your JSM project, as well as People from project settings (users that have been granted the Service Desk Customer role).

Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ 

no customer role image.png

and those who have application access can create issue from create button

Alex Koxaras _Relational_
Community Leader
December 5, 2022

@Saqib Dar 

Sorry, but this doesn't make any sense..

I've tried on my server instance with the following:

  • The user has only Jira core license
  • The user doesn't have the service desk customer role
  • Project is only open to customers who are added

When the above user is not a customer, then he can't see the service desk and can't raise a request from portal.

When he is a customer, he can see the portal and raise a request as expected.

On the above image you've shared, you only mention about the customer role via the project settings. Did you also check on the "Customers" option from the project side bar?

customers selection.png

Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ Yes, it's strange: only Change Management is having issues; other service-type projects are not visible to the user.

Yes, not added even from the side bar.

Alex Koxaras _Relational_
Community Leader
December 5, 2022

So @Saqib Dar please correct any info below, because I'm a bit lost:

  • A single user who has JSM application access
  • But doesn't have JSM project membership on a specific project ("Change Management")
  • Who is not a customer of that specific project
  • And not in any group which grant him the browse project permission
  • And he hasn't as well the create issue permission on that project
  • Can create and view issue on the above mentioned project

Are the above bullets correct?

Saqib Dar December 5, 2022

@Alex Koxaras _Relational_ 

  • A single user who has JSM application access: Correct
  • But doesn't have JSM project membership on a specific project ("Change Management"): Correct
  • Who is not a customer of that specific project: Correct
  • And not in any group which grant him the browse project permission: Correct
  • And he hasn't as well the create issue permission on that project: Correct
  • Can create and view issue on the above mentioned project: Wrong, only create issue from create button, user cannot view it. image.png

0 votes
Joseph Chung Yin
Community Leader
December 4, 2022

@Saqib Dar -

Are you stating that this customer has access to your project via the project UI?  If so, this means he/she has agent license against your JSM env.  Can you confirm?

If he/she is just a customer - By default, they can also access your project via the Portal UI.

Please advise.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Infrastructure Applications Team

Viasat Inc.

Saqib Dar December 4, 2022

@Joseph Chung Yin 

Yes, the user has an agent license and has access through the Project UI. When the user presses the Create button, it shows the project.

They are part of a business-type project, not service.

Please elaborate on this point, I didn't get it: (If he/she is just a customer - By default, they can also access your project via the Portal UI)

Thanks.

Regards,

Saqib Dar,

Jira Admin
