Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,499
Community Members
 
Community Events
176
Community Groups

Security Issue: users are not part of JSM project but still they are able to browse from create butt

Hi,

 I am facing an issue with my customer. 

He is part of only the application access group not in browse permission of a project still he is able to create tickets from create button in change management project details as below.

Project Type: Service

Project Name: Change Management

Browse Permission: No( not added as single user not added as group)

Part of Global Permission: No

Application Access(Jira Service Management): Yes, (user part of group which only has app license)

 

 

3 answers

1 accepted

1 vote
Answer accepted

@Alex Koxaras _Relational_ i got the solution. i go through my permission scheme and see create issue permission.

the create issue permission is granted to Group custom Field Value i.e Assignment group 

it includes all groups in the Jira. So, any user which is having JSM license eligible to create issue from create issue button. As I removed this permission it's fixed the issue.

attaching the permission scheme screenshot.

image.png

Thanks for your support.

@Saqib Dar that's what I told you on my last comment.

And he hasn't as well the create issue permission on that project

Good to know that you've solved it.

Like Saqib Dar likes this

Thanks for your help mate 

0 votes

Hi @Saqib Dar 

When you create a JSM project, you get certain choices about the customers from the project setting. If your project isn't setup to allow customers added to that specific project:

customer permissions.png

 

Then the above is connected to the customer access, to which you let Jira know who can become a customer and under which conditions.

customer access.png

Most likely you have setup your JSM project in such a way to allow customer from either an approved domain, or to create their own account.

@Alex Koxaras _Relational_ 

Application Access: image.png

Customer permession: 

image.png

Business users are neither added to any of service project nor they are part of any other application access group

@Alex Koxaras _Relational_ i have checked the permission helper to these user are not granted any permission in change management project

@Saqib Dar can you also check for any customers inside the project? Check from Customers options on your JSM project, as well as People from project settings (users that have been granted with Service Desk Customer role).

@Alex Koxaras _Relational_ 

no customer role image.png

and those who have application access can create issue from create button

@Saqib Dar 

Sorry, but this doesn't make any sense..

I've tried on my server instance with the following:

  • The user has only Jira core license
  • The user doesn't have the service desk customer role
  • Project is only open to customers who are added

When the above user is not a customer, then he can't see the service desk and can't raise a request from portal.

When he is a customer, he can see the portal and raise a request as expected.

On the above image you've shared, you only mention about the customer role via the project settings. Did you also check on the "Customers" option from the project side bar?

customers selection.png

@Alex Koxaras _Relational_  yes its strange only change management having issues other service type projects are not visible to user.

yes from side bar even not added

So @Saqib Dar please correct any info below, because I'm a bit lost:

  • A single user who has JSM application access
  • But doesn't have JSM project membership on a specific project ("Change Management")
  • Who is not a customer of that specific project
  • And not in any group which grant him the browse project permission
  • And he hasn't as well the create issue permission on that project
  • Can create and view issue on the above mentioned project

Are the above bullets correct?

@Alex Koxaras _Relational_ 

  • A single user who has JSM application access Correct
  • But doesn't have JSM project membership on a specific project ("Change Management") Correct
  • Who is not a customer of that specific project Correct
  • And not in any group which grant him the browse project permission Correct
  • And he hasn't as well the create issue permission on that project Correct
  • Can create and view issue on the above mentioned project Wrong, only create issue from create button, user cannot view it.image.png 
0 votes

@Saqib Dar -

Are you stating that this customer has access to your project via the project UI?  If so, this means he/she has agent license against your JSM env.  Can you confirm?

If he/she is just a customer - By default, they can also access your project via the Portal UI.

Please advise.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Infrastructure Applications Team

Viasat Inc.

@Joseph Chung Yin 

Yes the user has agent license, and it has access through Project UI When the user press create button it shows the project.

they are part of business type project not service.

Please elaborate this point I didn't get (If he/she is just a customer - By default, they can also access your project via the Portal UI)

Thanks.

Regards,

Saqib Dar,

Jira Admin

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events