We have JIRA Software and ServiceDesk running in one instance. We use Software heavily for internal projects, which have a considerable amount of sensitive information related to our business, products and services. Our Service & Support team want to open ServiceDesk to allow external customers access to log and monitor their cases/requests, including access to Confluence for a Knowledge Base, which we use for internal documentation as well.
I was wondering if anyone else has a similar scenario and what the risks of an external customer gaining access to internal data would be using this method, or are we better off separating the two services and having a dedicated JIRA ServiceDesk instance for our external customers?
As long as you think through your access permissions properly, then you should be fine. Although the defaults for JIRA are quite open, it is still designed to enable you to separate out information and only allow people to see what they should. Service Desk is explicitly designed to do that too, and does it by default - it was effectively built for the obvious case of "Internal users see JIRA, Customers only see what they need".
I'd agree 100% with @Noam Dahan on the SSL (but I instinctively wouldn't run anything other than a read-only public knowledge/information system without SSL nowadays).
Thanks - we are already on SSL. I personally think this goes without saying nowadays; there is no excuse.
The current permissions are what concern me. They imported contacts using a third-party plugin which has little to no integrity or structure in the data. It created circa 800 groups on the import and all sorts of nastiness, hence the concerns over our security on the instance with people potentially getting access to internal information.
Ugh, that's a horrid place to land in. I would indeed be worried about the usage of the groups and what they allow access to, but I'd have a look at what the add-on does with them. If it's just creating the groups, then there's little to worry about, but if it plonks them into permissions or roles, you're really going to have to slog through all of the projects to check and remove them.
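The check described in the reply above, sketched as an added example that is not part of the thread: it scans permission-scheme and project-role data for imported groups and lists which ones are merely created and which are actually wired into access. The JSON is constructed sample data in the shape Jira's REST API returns; every group, scheme and project name is hypothetical.

```python
import json

# Constructed sample data, shaped like the responses of
# GET /rest/api/2/permissionscheme?expand=permissions and
# GET /rest/api/2/project/{key}/role/{id}. The "project" field is added by the caller.
SCHEMES = json.loads("""{"permissionSchemes": [
 {"name": "Internal Software Scheme", "permissions": [
  {"holder": {"type": "group", "parameter": "jira-software-users"}, "permission": "BROWSE_PROJECTS"},
  {"holder": {"type": "group", "parameter": "import-acme-contacts"}, "permission": "BROWSE_PROJECTS"},
  {"holder": {"type": "projectRole", "parameter": "10002"}, "permission": "CREATE_ISSUES"}]},
 {"name": "Service Desk Scheme", "permissions": [
  {"holder": {"type": "projectRole", "parameter": "10100"}, "permission": "BROWSE_PROJECTS"}]}]}""")
ROLES = json.loads("""[
 {"project": "INT", "name": "Developers", "actors": [
  {"type": "atlassian-group-role-actor", "name": "import-globex-contacts"},
  {"type": "atlassian-user-role-actor", "name": "alice"}]},
 {"project": "SD", "name": "Service Desk Customers", "actors": [
  {"type": "atlassian-group-role-actor", "name": "import-acme-contacts"}]}]""")
# Hypothetical names standing in for the groups the import created.
IMPORTED_GROUPS = {"import-acme-contacts", "import-globex-contacts", "import-initech-contacts"}

def scheme_grants(schemes, imported):
    """(scheme, permission, group) for each permission granted directly to an imported group."""
    return sorted(
        (s["name"], p["permission"], p["holder"]["parameter"])
        for s in schemes["permissionSchemes"]
        for p in s.get("permissions", [])
        if p["holder"]["type"] == "group" and p["holder"].get("parameter") in imported
    )

def role_memberships(roles, imported):
    """(project, role, group) for each project role that has an imported group as an actor."""
    return sorted(
        (r["project"], r["name"], a["name"])
        for r in roles
        for a in r.get("actors", [])
        if a["type"] == "atlassian-group-role-actor" and a["name"] in imported
    )

def unused_groups(imported, grants, memberships):
    """Imported groups that appear in no scheme or role: created, but granting nothing here."""
    used = {g for *_, g in grants} | {g for *_, g in memberships}
    return sorted(imported - used)

if __name__ == "__main__":
    grants = scheme_grants(SCHEMES, IMPORTED_GROUPS)
    members = role_memberships(ROLES, IMPORTED_GROUPS)
    for row in grants + members:
        print("REVIEW:", *row)
    print("No grants found for:", unused_groups(IMPORTED_GROUPS, grants, members))
```

Issue security schemes, global permissions and Confluence space permissions are separate places a group can be referenced and are not covered by this sketch.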