[JSDCLOUD-2171] Anonymous user should not have access to view Service Desk issues


      NOTE: This suggestion is for JIRA Service Desk Cloud. Using JIRA Service Desk Server? See the corresponding suggestion.

      The customer portal is designed to ensure that only the reporter and participants of an issue can see it, as well as agents.

      But if anonymous access is enabled, currently everyone becomes able to see every issue, including internal and external comments.

      Therefore, the solution seems to be that it should not be possible for an anonymous user to have access to a Service Desk project.
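
One way to check for the exposure described in this issue, as an added example that is not part of the original ticket or Atlassian's code. It assumes project and permission-scheme data exported as JSON in the shape the Jira REST API uses (`projectTypeKey`, `holder.type`, the `BROWSE_PROJECTS` key); `schemeId` is this example's own field name, and all sample data is constructed.

```python
# Added example: offline audit for anonymous Browse access on Service Desk projects.
# "schemeId" is a hypothetical field linking a project to its permission scheme.
BROWSE = "BROWSE_PROJECTS"      # permission key that makes issues viewable
ANYONE = "anyone"               # holder type of the public ("Anyone") grant
SERVICE_DESK = "service_desk"   # projectTypeKey of Service Desk projects


def anonymous_browse_grants(scheme):
    """Return the grants in one scheme that give anonymous users Browse Projects."""
    return [g for g in scheme.get("permissions", [])
            if g.get("permission") == BROWSE
            and g.get("holder", {}).get("type") == ANYONE]


def audit(projects, schemes_by_id):
    """Flag Service Desk projects whose scheme exposes issues to anonymous users."""
    findings = []
    for p in projects:
        if p.get("projectTypeKey") != SERVICE_DESK:
            continue  # anonymous browse on a standard project is out of scope here
        scheme = schemes_by_id.get(p.get("schemeId"))
        if scheme is None:
            # A missing scheme cannot be shown to be safe, so report it.
            findings.append((p["key"], "UNKNOWN_SCHEME", []))
            continue
        grants = anonymous_browse_grants(scheme)
        if grants:
            findings.append((p["key"], "ANONYMOUS_BROWSE", [g["id"] for g in grants]))
    return findings


# Constructed sample data (not taken from any real instance).
SCHEMES = {
    10000: {"name": "Public scheme", "permissions": [
        {"id": 1, "permission": "BROWSE_PROJECTS", "holder": {"type": "anyone"}},
        {"id": 2, "permission": "ADD_COMMENTS", "holder": {"type": "projectRole", "parameter": "10002"}}]},
    10001: {"name": "Restricted scheme", "permissions": [
        {"id": 3, "permission": "BROWSE_PROJECTS", "holder": {"type": "projectRole", "parameter": "10002"}},
        {"id": 4, "permission": "CREATE_ISSUES", "holder": {"type": "anyone"}}]},
}
PROJECTS = [
    {"key": "HELP", "projectTypeKey": "service_desk", "schemeId": 10000},
    {"key": "DESK", "projectTypeKey": "service_desk", "schemeId": 10001},
    {"key": "OSS", "projectTypeKey": "software", "schemeId": 10000},
    {"key": "LOST", "projectTypeKey": "service_desk", "schemeId": 99999},
]

if __name__ == "__main__":
    for key, reason, grant_ids in audit(PROJECTS, SCHEMES):
        print(key, reason, grant_ids)
```

Anonymous issue creation (grant 4 in the restricted scheme) is not flagged: only the Browse grant makes existing issues and their comments readable.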


            ari (Inactive) added a comment -

            Anonymous access was implemented in Service Desk, which allows any user to create an issue via Portal.
            When a Jira admin decides to open a Service Desk project to anonymous access, it is a valid Jira feature.
            Closing this ticket as obsolete. If you think there is a use case which is not yet covered with current implementation, please contact our Support team with the question or raise a Suggestion with the full description.

            Atlassian dev team

            Emre Toptancı [OBSS] added a comment -

            I arrived at this ticket from JSD-2167

            I am using JIRA with Crowd in the back and SSO enabled. I am collecting tickets from external users but they cannot sign up to JIRA because self signup does not support Crowd and SSO at the same time, so I have to allow anonymous access on my project. I've enabled anonymous access and now everybody can see all tickets and internal comments.

            Well done Atlassian for this bad design. Your tools cannot work with your tools. Fantastic.

            Steven F Behnke added a comment -

            Tanya – DJ Broerse linked a Support issue. Those support issues are not public, so you can't see it.

            Tanya L Christensen added a comment -

            I do not have permissions to view the link referenced in the comment made by: Matthew McMahon [Atlassian] added a comment - 11/Aug/2015 2:37 PM.

            "You do not have permission to view this request."

            Vincent Kopa (Ovyka) added a comment -

            Hello,

            We also have a need, where the users must also see the JIRA project (without JSD), but JSD assumes they are "collaborators", so they can see internal comments...
            => in our humble opinion, "internal" should mean SD collaborators + SD team roles, not just anyone with the "browse project" permission

            Regards
            Vincent

            DJ Broerse added a comment - - edited

            Hi Matt,

            Thanks for your answer and possible solution.
            In the mindset of serving external customers I understand.

            If you are serving internal customers Jira gives you the ability to give anonymous users view permission without buying an expensive user license.
            It is for me hard to believe why Service Desk should remove this feature and at this moment it doesn't this suggestion will . The only problem for me is that internal comments (only for the agents) are publicly visible.

            Cloning every issue to a normal Jira project is achievable but it feels like a dirty workaround for me.

            Service Desk is a fantastic addon and also great for internal development teams. I hope in the future Service Desk will still be the best addon for serving internal customers.

            Regards,
            DJ


            Matthew McMahon (Inactive) added a comment -

            Hi dennis-jan.broerse1

            A Service Desk project is constructed in such a way that access to tickets is carefully restricted to only the reporter, included participants and agents.

            Collaborators are a different type of JIRA user, that have specifically been given access to view the tickets on the back-end.

            I understand that anonymous access to a standard JIRA project is very useful for encouraging collaboration. However, the ability for anonymous access to the back-end of a Service Desk project has security implications that go against the intended purpose.

            In reading your use-case, may I ask if it would be possible for issues you would like to link to other users to view with anonymous access, be inside a standard project?

            Regards
            Matt

            DJ Broerse added a comment -

            In my opinion this is a strange conclusion.

            There is a reason why issues in a project are visible to anonymous users. In https://support.atlassian.com/servicedesk/customer/portal/3/SDS-6785 I've described a use case.

            In standard Jira anonymous users have only view permissions on public comments, this is also expected by Service Desk and in my opinion normal behaviour.
            Internal comments are comments viewable for only the people with permissions.


              Unassigned Unassigned
              mmcmahon Matthew McMahon (Inactive)
              Votes: 15
              Watchers: 13