I am adding a new service desk agent. When I invite the user I tick on Jira Service Desk and the Group Service Desk users.
Yet when the new users activates and logs in he can see all our projects including he JJire Software Dev projects.
I want him to only work on the Service desk as an agent.
Hi @Deon Botha ,
By granting the user access to Jira Service Desk you give them product access. This means they use a JSD/JSM license and they are given the ability to use JSD features when they have access to a JSD project.
To see the projects however (and interact with them) you will need to grant them permissions on the projects.
You'll need to check the permission scheme(s) of the project(s) you want the agent to access and see how the "browse projects" permissions is set.
This could be granted through a role, group or just a single user. That depends on how it is set up in your organisation.
Thanks Dirk,
I just tried it again:
1. Invited a new JSD team member
2. I checked that only JSD was ticked (and thus group JSD-users)
3. I accepted the invitation on the invitee system, created a password and logged in.
4. Again I could see and browse all projects as that user, and not just the JSD project I expected as configured.
5. I checked the other poject settigs, and that new user is not listed in the People rea.
Maybe I am totaly misunderstandig how Jire assigns permissions. Thanks again for your assistance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Deon Botha ,
You're missing one crucial step imo :)
Could you open up a JSD project and go to the Project Settings -> Permissions?
There you'll have a permissions called "Browse Projects", could you list what groups/users/roles are set there?
By inviting a user and giving him a JSD license he is able to use the JSD features if he has access to a project. Now he is automatically added to the JSD-Users group which good but that doesn't mean that that group actually has permissions on the project.
Thus, first check your project permissions (through the project settings -> permissions) and see what is listed under (at least) the browse projects permission
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OK, thanks @Dirk Ronsmans - I am starting to see a picture.
So I have 2 types of Projects. Service Desk and the various dev projects.
If I look at Permissions for the Service Desk Project, it has:
If I look at the Dev (Classic Business) projects, they have:
Am I correct in that I want to remove "Application access (Any logged in user)" to stop a JSD agent from browsing projects?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Allright great!
So for the JSD projects I guess the jira-servicedesk-users group is probably added under the role Service Desk Team which is giving the new users access to the JSD projects.
For the Dev projects, they are indeed able to see them because of the blanket rule:
That just means if they log in with either a JSW or JSD license they will have access.
Removing that permissions is one step indeed to block the JSD agents from accessing them but you will also need to add a new role/group to the permissions to make sure your Devs don't lose access to the projects too :)
If you just remove the "any logged in user" one it will also remove the devs.. so you need to make sure you grant them access specifically. (through a new role or a group)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There is this additional acces group which to me looks like the devs will retain access here:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Not exactly, the
is the access granted to any addons/apps you might install. It comes default when you create a project to be sure that addons have access to what they need without you having to grant them the rights manually each time.
So your devs (the people) will need to get access through another role (or group). I suggest creating or using a role as it is a lot more flexible and doesn't require you to adjust your permission scheme each time (you can just add a group or user to a role)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.