I have real concerns about that workaround that was just added by Zee. Unless I'm missing something the workaround is the equivalent to "don't have customers", which isn't a workaround at all. I also think the article is poorly written and the workaround is not described sufficiently, that some people may just try this thinking they're deleting customers from a place that just affects user fields and not from their instance entirely!

While I'd like to limit the assignee user picker to only those who work the back end of the tickets, both the reporter field and the requested participants fields for our system need to see and be able to choose from the portal only customers. If you can make it so we can choose which fields are limited by specific criteria, which would be unique for each field, (meaning having the assignee be limited to Jira software users or a specific user role, and the reporter be limited to portal only customers, etc) I believe that would benefit more users. 

I'd like to add my support for this issue as well. JSM Customers should not appear in the assignee/reporter lists of internal Jira projects. 

I agree with restrictions to such fields as Reporter, HOWEVER I don't agree with such restrictions to all custom fields... For example, we need custom fields of (single/multiple) user-pick for informational purposes and we want to be able to select a user from the full list...

This is a big bug. Please fix. Users that do not have a Jira software or JSM license can be accidentally selected on a user picker field.

This would be a great initiative. 

We have a field that is type "user picker / multiple users". It allows you to select Portal Only Customers. This should not be allowed as they are not users of Jira.

Hence, I vote for this change

We have more than 5000 Jira Software Users and more than 3000 Confluence Users in our Cloud and since one year, we're also running Jira Service Management. And the complaints from Software developers get more and more why they can find so many private email addresses or accounts that are not belonging to our company. We really hope that there will be a solution in the near future. Thank you very much!

This is crucial for security purposes. Please provide us with a resolution.

This ia a very BIG BUG!!! please fix this asap!!!

Portal Only Customer would be an ask for us. To be able to pick customers who are only in this project as a customer in a certain field like reporter would be swell. I know you'll likely never implement this but a lot of customers need this in Cloud or DC. 

+! please fix this

BIG BUG !!! It is a theme that implies in security and data protection. If an agent assigns a customer of other project/company by mistake, we may have serious implications.  

I don't think this is an unreasonable ask, I hope someone at Jira picks this issue up and helps.

Atlassian, 

what is the update here?

This makes Jira for external use difficult, as any user field can provide information that should not be accessible under different data protection laws in many countries.

Atlassian, 

what is the update here?

Please update that task!!! https://jira.atlassian.com/browse/JSWCLOUD-17336

Portal-Only customer should NOT show up when looking for assignee and should not show up on the reporter field for JSW project. Please add at least an option to toggle this on or off.

This is really a big bummer and it should not even be considered as a suggestion, in my opinion, but a bug.
It does not make sense at all to have portal-only customers selectable not only as assignees but as reporters or in any user picker custom field. Those fields should be, at least, limited to users with site access.

Does anyone know if this relatively new announcement will help correct this annoyance or is it unrelated?
https://community.atlassian.com/t5/Jira-Service-Management-articles/A-dedicated-product-access-role-for-internal-customers-in-Jira/ba-p/2279244#M2631

+1 please ...

https://getsupport.atlassian.com/browse/PCS-159132 

From closed duplicate JSWCLOUD-21368 – Don't allow Portal Only Customers who don't have Jira application access to appear as option in Board Admins list

https://getsupport.atlassian.com/browse/PCS-33661

This issue here is about a basic (small) but necessary improvement: don't show users who don't have access to jira as option under Jira projects!

At this moment, it's possible to select Portal Only customer as Board Admins for JSW boards. This won't give them access/visibility do the board, but it's a misleading information for site-admins, since it seems these users do have access to Jira itself as they appear as option to be admins in a JSW Board.

Hi Atlassian, any plans on this?  

Can you share some workaround we can apply meanwhile?

Regards

Mateusz.

As Rostislav Harazin (very helpfully!) identified above, I believe this issue is a duplicate of JRACLOUD-36896 – Limit User Picker to members of certain groups/roles in System Fields. Although this issue is older, the above one has more votes.

I recommend that watchers of this issue vote on and watch the above issue. So that votes aren't split, I believe this ticket should be closed, but I will wait a week before taking any action in case anyone thinks both issues should continue to exist. Thank you!

Dear Atlassians,

with all due respect to you and your amazing work, from our point of view this should not be a mere feature request. It should be reconsidered as a big bug.

There are many similar reported issues (probably causing a fragmentation of votes) which proves in a way how big privacy concern it is.

• Suggestion: Don't show users (or Portal Only Customer) who doesn't have Jira application access to appear on reporters and project roles list (59 votes)
  https://jira.atlassian.com/browse/JSDCLOUD-10055
  Created 10/Mar/2011 2:03 PM

• • It is creating panic among our teams that clients visible in the Reporter field and if selected may provide clients access to our internal discussions, work, etc.

• Suggestion: Limit User Picker to members of certain groups/roles in System Fields (312 votes)
  https://jira.atlassian.com/browse/JRACLOUD-36896
  Created 07/Feb/2014 1:55 AM (related JRASERVER-7659: 16/Aug/2005 4:13 PM)

• • The typical problem with the "Browse Users" permission is that we, and many others, invite external users (project partners, customers) to their JIRA projects, but cannot give them this permission, as that would disclose other customers/partners one is working with.

• • It is a big issue and seems like a problem for GDPR that even if you don't have access to another Jira project you can see that project's customer's personal information (name and email address).

• Suggestion: Restrict Reporter Field to only users with Create Issues Permission (51 votes)
  https://jira.atlassian.com/browse/JRACLOUD-42446
  Created: 13/Mar/2015 1:38 PM

• • Dangerous - it breaches privacy where issue content is shared in an email notification to the new "reporter"

• • Confusing - the new "reporter" doesn't understand the reference/relevance to their product support

• • Time wasting

1. 1. 1. the "reporter" wastes their time in alerting us of the error in selecting the wrong reporter, and

1. 1. 1. it wastes our time to understand what has happened and how to appropriately resolve the reporter used in error, and

1. 1. 1. it delays the issue resolution if the SD Team member is trying to get further information from who they assume is the intended reporter to fix the issue. *Especially if the issue is a P1 or P2 these delays could be very bad.

• Bug: Customer without permission to project can be added as a reporter of a request (7 affected)
  https://jira.atlassian.com/browse/JSDCLOUD-8649
  Created 28/Nov/2019 12:27 PM (probably much more earlier according to issuekey)

• • Exposes customer contacts to any Jira user on the system.

• • External customers could be accidentally associated with others tickets not remotely related to theirs

• Suggestion: Customers shouldn't be suggested on User Picker custom fields on non-Jira Service Management projects (19 votes)
  https://jira.atlassian.com/browse/JRACLOUD-76780
  Created 07/Jun/2021 4:08 PM

Maybe more.

Plus 1, especially to Julia Foden's comments above.

Portal only customers should also not be offered in the Reporter and Assignee dropdowns in the Issues view (mini issue navigator) inside non-JSM projects.

In the same boat at Mohammed Elyas Ahammad.  Can't  move forward with onboarding additional clients.  

The reason for using Jira Software is to keep customers out of our internal world of work and have them access only to the customer portal and Jira Service Management for submitting tickets and client communication.

It is creating panic among our teams that clients visible in the Reporter field and if selected may provide clients access to our internal discussions, work, etc., Please fix this bug at the earliest.

Any updates on this? 

Our organization is facing an issue whereby some users are appearing twice in the Add user to project list, on further investigation Atlassian have confirmed that this is because the user in question has both a Jira account and Jira Service Desk (JSD) customer account, however since the project to which we are looking to add the user is a standard Jira project (not JSD) it is inappropriate to make JSD customer accounts available for selection in this case. Our ask therefore is that JSD customer accounts are NOT made available for selection when adding users to a standard Jira project.

There's one more issue might related with this feature, please advise if need to create seperate ticket for checking.

If the user does have both Jira access and Portal only Customer, when add people to particular project role, it'll display both account which lead confusing to the user, both account are using same email address.

Yes, we need it as well. We have several LDAP users that aren't in any JIRA specific Groups and it's allowing us to assign them to the Reporter field. It seems like a bug that JIRA would allow you to assign a Reporter that can't even log into the JIRA system.

cool feature, we need it as well