Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Service desk user permissions Edited

I am adding a new service desk agent. When I invite the user I tick on Jira Service Desk and the Group Service Desk users.

 

Yet when the new users activates and logs in he can see all our projects including he JJire Software Dev projects.

 

I want him to only work on the Service desk as an agent.

1 answer

1 accepted

0 votes
Answer accepted
Dirk Ronsmans Community Leader Nov 17, 2020

Hi @Deon Botha ,

By granting the user access to Jira Service Desk you give them product access. This means they use a JSD/JSM license and they are given the ability to use JSD features when they have access to a JSD project.

To see the projects however (and interact with them) you will need to grant them permissions on the projects.

You'll need to check the permission scheme(s) of the project(s) you want the agent to access and see how the "browse projects" permissions is set. 

This could be granted through a role, group or just a single user. That depends on how it is set up in your organisation.

Thanks Dirk,

I just tried it again:

1. Invited a new JSD team member 

2. I checked that only JSD was ticked (and thus group JSD-users)

3. I accepted the invitation on the invitee system, created a password and logged in.

4. Again I could see and browse all projects as that user, and not just the JSD project I expected as configured.

5. I checked the other poject settigs, and that new user is not listed in the People rea.

Maybe I am totaly misunderstandig how Jire assigns permissions. Thanks again for your assistance.

Dirk Ronsmans Community Leader Nov 19, 2020

Hi @Deon Botha ,

You're missing one crucial step imo :)

Could you open up a JSD project and go to the Project Settings -> Permissions?

There you'll have a permissions called "Browse Projects", could you list what groups/users/roles are set there?

 

By inviting a user and giving him a JSD license he is able to use the JSD features if he has access to a project. Now he is automatically added to the JSD-Users group which good but that doesn't mean that that group actually has permissions on the project.

 

Thus, first check your project permissions (through the project settings -> permissions) and see what is listed under (at least) the browse projects permission

OK, thanks @Dirk Ronsmans - I am starting to see a picture.

So I have 2 types of Projects. Service Desk and the various dev projects. 

If I look at Permissions for the Service Desk Project, it has:

  • Project Role (Administrators)
  • Project Role (atlassian-addons-project-access)
  • Project Role (Service Desk Team)
  • Service Project Customer - Portal Access

 

If I look at the Dev (Classic Business) projects, they have:

  • Project Role (atlassian-addons-project-access)
  • Application access (Any logged in user)

Am I correct in that I want to remove "Application access (Any logged in user)" to stop a JSD agent from browsing projects?

Dirk Ronsmans Community Leader Nov 19, 2020

Allright great!

So for the JSD projects I guess the jira-servicedesk-users group is probably added under the role Service Desk Team which is giving the new users access to the JSD projects.

For the Dev projects, they are indeed able to see them because of the blanket rule:

  • Application access (Any logged in user)

That just means if they log in with either a JSW or JSD license they will have access.

Removing that permissions is one step indeed to block the JSD agents from accessing them but you will also need to add a new role/group to the permissions to make sure your Devs don't lose access to the projects too :)

If you just remove the "any logged in user" one it will also remove the devs.. so you need to make sure you grant them access specifically. (through a new role or a group)

There is this additional acces group which to me looks like the devs will retain access here:

  • Project Role (atlassian-addons-project-access)
Dirk Ronsmans Community Leader Nov 19, 2020

Not exactly, the 

  • Project Role (atlassian-addons-project-access) 

is the access granted to any addons/apps you might install. It comes default when you create a project to be sure that addons have access to what they need without you having to grant them the rights manually each time.

So your devs (the people) will need to get access through another role (or group). I suggest creating or using a role as it is a lot more flexible and doesn't require you to adjust your permission scheme each time (you can just add a group or user to a role)

OK, I think I'm sorted now, thanks very much. 

Like Dirk Ronsmans likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

241 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you