We have a Project that has the following settings:
Who can raise a request: Customers who are added to the project
Who can customers share a request with?: Other customers in their organisation.
It seems that users are able to invite anyone to access the portal and view tickets when they are not part of the organisation: i.e. a personal Gmail account
How is this possible ?
Thanks so much for your question.
I could not reproduce this issue on Jira Service Management version 4.14.0.
I applied the same customer permissions to a project and as long as the request creator was not part of an organisation, the share button was not visible in the request page.
After adding a second customer to the same organisation, it was possible to share with that customer, which again was not possible after removing that customer from the organisation.
One thing that could be happening there is that a Jira admin can share a request with anyone (using an email address) and can even create new users whilst sharing.
If this is not what is happening in your case, please provide more details including the version you are running on and some screenshots of your settings for:
Jira Service Management
ps. if this answer is correct, please select the ‘accept answer’ button
On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link. We've seen a number of questions already asking for...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events