Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-3421

Remove Customer Portal Access entity from all permissions currently not implemented

XMLWordPrintable

    • 0
    • 3
    • We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

      Currently, several permissions have been granted to the "Customer Portal Access" entity, despite the functionality to provide these permissions the customer user types not being in place yet.
      These permissions have been granted as placeholders for potential future feature releases.

      This means, that as soon as such a feature gets release, and the JIRA Admin of the JIRA environment upgrades Service Desk, the customers in that environment will automatically get that permission granted.
      This can pose a security issue if the JIRA Admin does not want customers to have these permissions.

      Please remove these placeholders to prevent the potential security issue from above to occur. Instead, we need to properly inform customers when new feature become available, and which steps they need to take in order to provide these features to their customer.

              Unassigned Unassigned
              mnassette MJ (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: