Invalid Permissions Granted to "Portal-Only Customer" Role by Default in JSM Project

    • 4
    • Severity 3 - Minor
    • 2

      Issue Summary

      This is reproducible on Data Center: (no)

      When a new JSM project is created, the permission scheme is automatically configured. However, the "Portal-Only Customer" role (sd.customer.portal.only) is incorrectly granted the ARCHIVE_ISSUES and UNARCHIVE_ISSUES permissions by default. Additionally, attempting to manually assign these permissions to the same role via the API results in an error message.

      Steps to Reproduce

      1. Create a new Jira Service Management project. A permission scheme is created automatically along with the project.
      2. Call the "Get Permission Scheme" endpoint to retrieve the details of the newly created permission scheme.
      3. Observe that the role type sd.customer.portal.only is granted the following permissions:
        • ARCHIVE_ISSUES
        • UNARCHIVE_ISSUES
      4. Attempt to use the "Create Permission Scheme" endpoint to manually assign ARCHIVE_ISSUES and UNARCHIVE_ISSUES permissions to the sd.customer.portal.only role.
      5. Note that the system returns an error stating these permissions cannot be granted to the sd.customer.portal.only role.

      Note: Here is a list of permissions that have the same issue:

      Issue Permissions:
          a) Archive Issues
          b) Assignable User
          c) Restore Archived Issues
      Comments Permissions:
          a) Delete All Comments
          b) Edit All Comments
      Attachments Permissions:
          a) Delete All Attachments
      All Time Tracking Permissions
      All Other Permissions
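
An added example, not part of the original report and not Atlassian's code: a check to run over the JSON retrieved in step 2 that flags the grants described above. The response layout (a `permissions` list whose entries carry `holder.type` and `permission`) and the sample scheme are assumptions constructed for illustration.

```python
import json

# Role-type holder named in the report.
PORTAL_ONLY = "sd.customer.portal.only"
# Permission keys the report says this holder must not have by default.
DISALLOWED = frozenset({"ARCHIVE_ISSUES", "UNARCHIVE_ISSUES"})

# Constructed sample, shaped like a permission scheme with its grants expanded
# (assumed layout: permissions[] entries with "holder" and "permission").
SAMPLE_SCHEME = json.loads("""
{
  "id": 10001,
  "name": "Constructed JSM scheme",
  "permissions": [
    {"id": 1, "holder": {"type": "sd.customer.portal.only"}, "permission": "ARCHIVE_ISSUES"},
    {"id": 2, "holder": {"type": "sd.customer.portal.only"}, "permission": "UNARCHIVE_ISSUES"},
    {"id": 3, "holder": {"type": "sd.customer.portal.only"}, "permission": "CREATE_ISSUES"},
    {"id": 4, "holder": {"type": "projectRole", "parameter": "10002"}, "permission": "ARCHIVE_ISSUES"},
    {"id": 5, "permission": "UNARCHIVE_ISSUES"}
  ]
}
""")


def find_invalid_grants(scheme, holder_type=PORTAL_ONLY, disallowed=DISALLOWED):
    """Return (grant id, permission key) pairs the holder should not have."""
    if "permissions" not in scheme:
        # Without the grants in the response there is nothing to audit;
        # fail loudly instead of reporting the scheme as clean.
        raise ValueError("scheme has no 'permissions' list; request it expanded")
    findings = []
    for grant in scheme["permissions"]:
        holder = grant.get("holder") or {}  # tolerate grants with no holder
        if holder.get("type") == holder_type and grant.get("permission") in disallowed:
            findings.append((grant.get("id"), grant["permission"]))
    return findings


if __name__ == "__main__":
    for grant_id, permission in find_invalid_grants(SAMPLE_SCHEME):
        print(f"grant {grant_id}: {PORTAL_ONLY} holds {permission}")
```

Pass a larger `disallowed` set to cover the other permissions listed above once their keys are confirmed on the instance.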

      Expected Results

      When a JSM project is created, the automatically generated permission scheme should not grant the ARCHIVE_ISSUES and UNARCHIVE_ISSUES permissions to the sd.customer.portal.only role by default.

      Actual Results

      The system automatically grants non-whitelisted permissions (ARCHIVE_ISSUES and UNARCHIVE_ISSUES) to the sd.customer.portal.only role, which is incorrect.

      Workaround

      Currently, the only workaround is to avoid assigning the ARCHIVE_ISSUES and UNARCHIVE_ISSUES permissions when creating or modifying the permission scheme for a JSM project.

            Assignee: Unassigned
            Reporter: Tatiane Padovani (Inactive)
            Votes: 6
            Watchers: 14
