Restrict customer access to dashboard only.

Chris M April 17, 2013

We have a project setup to track the on-going support issues from all our clients. One particular larger client wants to be able to see a dashboard of progress on their own issues. I have run into a problem with this and would like some advice!

Currently their issues are differentiated by a custom field. I have setup a dashboard that shows only those items quite easily since it's just custom filters.

However I can't seem to get permissions to work properly - is this possible?

The other option is to setup a completely separate project for their support issues which isn't ideal.

5 answers

1 accepted

1 vote
Answer accepted
Chris M April 19, 2013

In the end, I setup a separate project for the customer's support issues, this seems the safest in the long run.

Even with just the browse permission it's worth people realising how much the customer can still do.

I noticed they:

- can select the Agile menu despite Greenhopper being turned off for the project. They can't actually set up a board they get an error re sharing but they can still click fairly far into the process.

- have full access to the issue navigator for that project - i.e. they can see all comments, activity and worklogs etc.

- can access the project summary tab where they can run some reports (most dont work to be fair as Ive not allowed browse users)

You need to remember to turn off Confluence access and remember to amend the system dashboard - I was using that to show other internal information. In the end I just deleted the information on that completely and created new custom dashboards for internal and for external.

Actually after an interal discussion we thought it wasn't too much of a problem if they saw the info above, in fact it had some advantages. We may even open up the create issue button at some point so they can log their own issues. It would however be nice if we had more control over what menus appeared etc.

Whilst I am typing this, I may as well mention Confluence. I tried setting up a Confluence space where they were locked down to view just that space. I noticed that they were able to access 'team calendars' and 'people' where they can follow users activity - I would prefer to be able to turn that off.

Also I saw that in order to be able to use the Confluence external gadgets like the Jira pie chart the user needs to have log in rights to Jira, so they can just click the button top left on the nav bar and see all the info mentioned above in Jira - just something to be aware of.

Chris M April 24, 2013

Update: I found that you can restrict access to the Jira menu in confluence using the Application Navigator - and restrict by group. https://confluence.atlassian.com/display/AOD/Application+Navigator+FAQ

0 votes
Péter Kubányi-Balázs September 9, 2014

Hey!

Not sure if it was in the question, but what if I want the customer only to access the Dashboard. We have a customer whos issues are handled in our JIRA, and he doesn't want to read in our issues (and we also do not want him to), but would like to see a summary list of the issues we handle. So my thought was to give him permission only to the Dashboard. I created the filters and stuff, but in order for him to see the filtered gadgets on the dashboard, I need to give him permission for the project. Now if I do, he will be able to look into the issues. 

Do you happen to know a solution for this kind of problem?

Thanks in advance,
Peter 

0 votes
Nicholas Muldoon
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2013

Hey Chris,

You may like to look at Viewport for having customers raise issues - a very cut down JIRA create issue page.

Cheers,
Nick

Chris M April 24, 2013

Hello, I signed up but have not heard back as yet.

0 votes
Tanner Wortham
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 17, 2013

have you tried using the 'Filter Results' widget and create a filter that takes advantage of the custom field you mention? You can create a dashboard off several of those widgets. As far as permissioning it so JIRA does it itself, I'm not sure if that's possible or not. (But it would be cool if it did.)

Chris M April 17, 2013

Hello, creating the widgets isn't a problem, I've done that. The problem is allowing them to login to our ondemand instance but only allowing them to see that dashboard.

0 votes
Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 17, 2013

Hi Chris, the problem here it's that when you search with the filter it only will show issues from a project you can actually see. So, in order to do that you have to give the user the Browse Project permission inside the project, and giving that permission it will make him able to see all the issues inside the project.

Another approach will be using the issue security scheme, but again if the user can't see the issue he won't be able to see it listed on the filter so you will have to add a security level to all the issues that this client can see (those who have the customfield).

Hope this helps.

Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 17, 2013

Now that I read your question again I think the security scheme it's your best option. You can configure a level for all the users except this client and another level for all users for example.

Chris M April 17, 2013

I see what you mean, but can you differentiate access by custom field though? I will have to have a go. TBH it may just be easier to have a separate project! I guess our reporting will still work as our internal support dash could draw from both projects.

Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 17, 2013

Not necessary need the customfield to differentiate if you have different security levels.

And yes, having different projects would be the fastest and easiest way.

Chris M April 17, 2013

Wouldn't the different security levels only work if we use different issue types, one for internal and one for external? I don't see how the different security level will help re the dashboard.

Ramiro Pointis
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 17, 2013

Not really, you can have only one issue type, the difference will be on the field Security Level, if you want a user to see the issue he has to be able to see the Security Level of the issue. And if the user can't see the issue then it won't be showed on the dashboard.

In my case I have 3 Levels, High it's only for Administers, Medium it's for Administers and Employees and Low it's for Administers, Employees and Client.

Now, if you want the user only to see the Dashboard tab and nothing else will be difficult, because if he can see the issues he can see the statistics inside the Project tab.

Suggest an answer

Log in or Sign up to answer