How to revoke project access for portal users

I'm trying to group my customers by projects.

If they have premium support they can log tickets in the premium project.

If they have standard support they can log tickets in the standard project.

If they have basic support they can log tickets in the basic project.

I found that I can do this through permissions schemes. I create a new permission scheme for each project.

I then revoke the Browse permission for my project for 'Service Desk Customer - Portal Access'.

After this, I can get JIRA to stop complaining:

Permission scheme error - The Service Desk Customer - Portal Access security type must be assigned to:

  • Browse Projects

How can I make JIRA okay with me setting these permissions?

Or is there another way to control access of users to projects?

 

As it is, this is still a major hack, because I have to add back permissions on an individual basis. Since I can't group 'portal access' customers. But at least it has the desired effect of hiding projects from customers that don't have rights to submit tickets in them.

 

Any guidance appreciated.

1 answer

1 accepted

Accepted Answer
1 vote

Hi Kevin,

You should not modify the permission scheme to control access to your Service Desk project. The Portal Access is what makes your customer have access to the specific Service Desk portal rather than the internal JIRA project behind the scenes.

Make sure that your customers are assigned to the Service Desk Customers role of your project and open Project Settings / Request Security in your Service Desk project:

Screen Shot 2016-09-27 at 23.11.59.png

Then, under "Manage who can raise requests ..." select the last option (Only people on my customers list).

If you take it one step further, create user groups for your premium / basic / standard support users and assign these users to the Service Desk Customers roles on the dedicated projects. From then on, all you need to do is add users to the correct groups and you should be good to go.

Walter,

Thank you. I've been banging my head against a wall for a while to try to figure this out.

Can you expand on the statement that I can group Customers? I've been trying to figure out how to group my customers and it seems that any User Groups I create can only be assigned to licensed users. Portal Only users don't appear to be 'group'-able. Is there another kind of group? Or am I missing something?

Thanks again,

Kevin

Hey Kevin,

That sounds a bit strange to me. Your setup might be influenced by whether you are on Cloud or Server and integrate with an external user directory (such as AD) or not.

Steps you can take are:

  • Go to User Management on your JIRA instance and select Groups
  • Add a group 'Premium Support'
  • Add members to this group (they should indeed be known users on your instance, but do not necessarily consume a license seed (*))
  • Then head back to your Premium Support Service Desk project
  • Under Project Settings, select Users and Roles
  • At the top of the screen, select the link 'Add users to a role'
  • You should be able to locate the Premium Support group and add it to the Service Desk Customers role.

(*) Whether your users consume a license seed for JIRA Software, Core or Service Desk is determined by the Application Access. This is something you could check in the Admin section of JIRA as well. 

 

Walter,

Again, thank you. I was under the impression I had to have customers as "Restricted Portal access" box checked, to avoid paying for another license for them, in addition to keeping security locked down. It does say explicitly under the checkbox "Users with restricted portal access cannot be added to groups or given a license"

Based on what you've said, and a little more research I see the checkbox "Restricted Portal Access", is more or less a device to prevent on boarded customers from accidentally getting the wrong permissions, but it's not needed to actually lock users into the portal. So I'll need to give better instructions to the admins to make sure new customers aren't given admin rights or something else damaging.

Thanks for all your help.

Kevin

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 25, 2018 in Jira

Atlassian Research Workshop opportunity on Sep. 28th in Austin, TX

We're looking for participants for a workshop at Atlassian! We need Jira admins who have interesting custom workflows, issue views, or boards. Think you have a story to sha...

465 views 7 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you