i have serveral service desks per customer; I now notice that my customers can click on the link 'help center' on top, that takes them to an overview an see the other portals.
They cannot create issues so this is fine, but i wouldn't want customers seeing each others portal. Can i disable this? And how?
Customers can only see the Service Desks they have permissions on. This could be because they have 'browse project' permission on the Service Desk project or because they are added to the Service Desk Customers role of certain Service Desks they actually shouldn't see.
An easy way to check the permissions of a specific user, is by using the permission helper. While in JIRA, press g + g on your keyboard. A popup window will appear, where you can type "permission helper".
Enter a user, an issue from the Service Desk you want to check and the permission "Browse Project". The tool will show you whether the user has browse project permissions on the Service Desk project or not.
Make sure you then revoke the browse project permission where necessary. And additionally, make sure that your users are not listed as Service Desk Customers on Service Desks that should not be accessible to them.
A final note: if you are using Groups to grant permissions to users, this could cause you to reconsider how you keep your different customers organised. Suppose you have all your customers in the same group, you might want to reconsider your setup and create separate customer groups in order to fix this.
I looked into your solution. I noticed that you have the 'Service Desk Customer - Portal Access' group in all my project. But if I remove this from the browse projects permission, I get an error, the whole service desk comes unusable, since this is a global permission to identify customers without being part of the global billing structure.
Further more I think your solution seems plausible, but I don't get it to match inside my permission scheme. I do find this documentation page (for server, not cloud): https://confluence.atlassian.com/servicedesk025/jira-service-desk-permissions-754977472.html but it does not address the issue.
Hi Jelle. I don't think that you should change your permission scheme but have a look at who is in the Service Desk Customers role in your Service Desk project.
It is the people having this role that can actually access your service desk through the portal.
Yeah, these are my customers, but only for that project. this is my configuration. The test user can see all the service desk projects i have setup.
If i remove it from the group service desk customer, he can't log in anymore
the permissions above seem right. Atlassian also explicitly states that you should use the Service Desk Customer - Portal Access security type to grant permissions in the permission scheme and not the Service Desk customers.
There is one more thing that comes to my mind. Inside your Service Desk, you also have Request Security:
Screen Shot 2016-03-10 at 12.45.30.png
Have you tried restricting this setting to 'only people on my customers list can raise a request'?
The Jira Software Cloud Team has been busy working on a simple, secure, and reliable way to integrate your build and deployment information from Jenkins with Jira Software Cloud. This means you don’t...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events