Pros/cons of enabling Browse User for everyone (JSD customers)

Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 8, 2020

We recently implemented Jira Service Desk (Cloud) for our internal organization. We have multiple service desk projects, and one of them is trying to utilize the user picker function for staff to select their manager on specific request types.

As per design, this does not work by default for non-Jira system users as the Browse Users global permission is set to allow only specific roles. This permission is required to allow user picker functionality.

Our site is not public. We use Okta SSO in conjunction with Atlassian Access to control who our Service Desk customers are, so the only people getting access to the list of users would be staff members or approved users of Jira, JSD.

Are there any downsides to setting Browse Users to Public, or the group that defines Jira Service Desk customers?

5 answers

1 vote
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 8, 2020

Hi Darryl,

I have discovered that if you give users (including customers) the Service Desk Team project role, then they can see the list of values for user picker fields. 

0 votes
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 24, 2020

Great - I am glad you were able to get to a good solution.  :-)

And thank you for the additional information. Did you end up also giving them Service Desk Team role? 

0 votes
Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 24, 2020

Thanks for the clarification John.

I was hesitant to try your suggestion as I wasn't sure about the potential unintended impact. I did ultimately find out from support that I needed to modify Project Settings->Customer Permissions->Who can customers share requests with to Any customer or organization, by searching this project.

This, along with the Browse Users global permission resolved the issue.

I still haven't really determined if this is a good practice or not, but I did some limited testing and it does not appear to have opened up any undesired access.

0 votes
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 12, 2020

This is not in the permission scheme but the project settings. If you have added customers to the People section on your project, then you should be able to add them to the Service Desk Team project role. Then they can see the values in the user picker dropdown. Were you able to do that. 

0 votes
Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 11, 2020

Thanks John, I'm not sure that's what I'm looking for though.These are strictly "customers", unlicensed staff who submit service desk issues.

The system allows me to add a group that all these people are in to the Browse Users and Groups permission, but I don't believe it honors it for them. I have a support issue in with Atlassian now. When I get a response, I'll update this item.

Suggest an answer

Log in or Sign up to answer