Summary

• As a Jira Service Desk portal only customer, they should not have permissions to access and manage (create issues, browse projects) in other projects type as they are not counted for application access.
• However, in a project other than service desk project, using permission helper allows to search for portal only customers and we can see that the portal only customers have permissions to perform actions such as create issues depending on the permission scheme where at minimum the create issues permission is set for application access - any logged in user where in reality they will not be able to do it as they do not have access to the project.
• The permission helper should not show that :
  1) We can search for customer portal only users
  2) The permissions that they have in other projects

Steps to Reproduce

• Keep note of a service desk customer portal only user
• Go to a business or a software project
• Open permission helper
• Search for the service desk customer portal only user earlier
• Choose create issues permissions
• It will show that this user has permissions to do so

Expected Results

• The permission helper message should show that this portal only customer does not have permissions to do so or it should show as blank.

Actual Results

• It shows that the service desk customer has permissions to perform the action (create issue)

Workaround

N/A