How to revoke project access for portal users

goodmangear September 27, 2016

I'm trying to group my customers by projects.

If they have premium support they can log tickets in the premium project.

If they have standard support they can log tickets in the standard project.

If they have basic support they can log tickets in the basic project.

I found that I can do this through permissions schemes. I create a new permission scheme for each project.

I then revoke the Browse permission for my project for 'Service Desk Customer - Portal Access'.

After this, I can get JIRA to stop complaining:

Permission scheme error - The Service Desk Customer - Portal Access security type must be assigned to:

  • Browse Projects

How can I make JIRA okay with me setting these permissions?

Or is there another way to control access of users to projects?

 

As it is, this is still a major hack, because I have to add back permissions on an individual basis. Since I can't group 'portal access' customers. But at least it has the desired effect of hiding projects from customers that don't have rights to submit tickets in them.

 

Any guidance appreciated.

2 answers

2 accepted

1 vote
Answer accepted
Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 27, 2016

Hi Kevin,

You should not modify the permission scheme to control access to your Service Desk project. The Portal Access is what makes your customer have access to the specific Service Desk portal rather than the internal JIRA project behind the scenes.

Make sure that your customers are assigned to the Service Desk Customers role of your project and open Project Settings / Request Security in your Service Desk project:

Screen Shot 2016-09-27 at 23.11.59.png

Then, under "Manage who can raise requests ..." select the last option (Only people on my customers list).

If you take it one step further, create user groups for your premium / basic / standard support users and assign these users to the Service Desk Customers roles on the dedicated projects. From then on, all you need to do is add users to the correct groups and you should be good to go.

goodmangear September 27, 2016

Walter,

Thank you. I've been banging my head against a wall for a while to try to figure this out.

Can you expand on the statement that I can group Customers? I've been trying to figure out how to group my customers and it seems that any User Groups I create can only be assigned to licensed users. Portal Only users don't appear to be 'group'-able. Is there another kind of group? Or am I missing something?

Thanks again,

Kevin

Walter Buggenhout
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 27, 2016

Hey Kevin,

That sounds a bit strange to me. Your setup might be influenced by whether you are on Cloud or Server and integrate with an external user directory (such as AD) or not.

Steps you can take are:

  • Go to User Management on your JIRA instance and select Groups
  • Add a group 'Premium Support'
  • Add members to this group (they should indeed be known users on your instance, but do not necessarily consume a license seed (*))
  • Then head back to your Premium Support Service Desk project
  • Under Project Settings, select Users and Roles
  • At the top of the screen, select the link 'Add users to a role'
  • You should be able to locate the Premium Support group and add it to the Service Desk Customers role.

(*) Whether your users consume a license seed for JIRA Software, Core or Service Desk is determined by the Application Access. This is something you could check in the Admin section of JIRA as well. 

 

goodmangear September 28, 2016

Walter,

Again, thank you. I was under the impression I had to have customers as "Restricted Portal access" box checked, to avoid paying for another license for them, in addition to keeping security locked down. It does say explicitly under the checkbox "Users with restricted portal access cannot be added to groups or given a license"

Based on what you've said, and a little more research I see the checkbox "Restricted Portal Access", is more or less a device to prevent on boarded customers from accidentally getting the wrong permissions, but it's not needed to actually lock users into the portal. So I'll need to give better instructions to the admins to make sure new customers aren't given admin rights or something else damaging.

Thanks for all your help.

Kevin

0 votes
Answer accepted
Muhammad Akram Sharifi June 18, 2021

Hi @Walter Buggenhout 

I have a problem relevant to this post 

I know how to revoke customers access but I am falling into a situation where i need to grant access back to the customer.

Can you please Help with this 

I appreciate your help. 

Suggest an answer

Log in or Sign up to answer