-
Bug
-
Resolution: Unresolved
-
Medium (View bug fix roadmap)
-
None
-
8.20.10, 9.4.5, 9.16.1, 9.17.2
-
8.2
-
15
-
Severity 2 - Major
-
14
-
Issue Summary
JSM Agents might not see all expected requests when doing a JQL search where they are the reporter if requests have an issue security level without the Reporter role added. This appears to be intermittent and possibly caused by caching issues/automations.
This is reproducible on Data Center: yes
Steps to Reproduce
- Create a Service Management project
- Create an issue security scheme and an issue security level.
- Set up an Automation rule to set the security level on issue create
- Add Service project customer - portal access to this security level, but do not add any role which would allow the Agent to see the issue in Jira.
- As an Agent, create some requests from the Customer portal
- View the My Requests in the Customer portal
Expected Results
Agent should be able to see all requests they created via Customer portal and not see them within Jira search.
Actual Results
Sometimes, these requests are not visible on the My requests/All requests page.
There's no error anywhere in the UI or logs, the requests are just not visible but they can be accessed via the direct URL, which indicates that there's no permission issue with at least viewing the request.
Modifying the security levels in any way seems to show the issues temporarily.
Workaround
Add Reporter to the security level
- duplicates
-
-
- Closed
-
-
-
- Gathering Impact
-
- mentioned in
-
Page Failed to load
-
Page Failed to load
-
Page Failed to load
-
Page Loading...
-
[JRASERVER-76927] Sometimes some agents do not see all expected requests in the customer portal if requests have an issue security level without the Reporter role added
I can confirm this bug still exists in 9.17.2. Could this be added to the "Affects Version/s" field?
It looks like it’s hard to gather interest or to understand the impact as there are several issues, if fixed, would solve most if not all of these issues. I’d would think linking those, then totaling up all the folks who stated this effects my team, would give you a better representation of the interest in your customer’s desire to see a bug, in your product, fixed. This looks to nearly identical to JSDSERVER-6041. Many bugs I see in this portal have several linked issues, and the issues almost all have one thing in common, age. They are all many years old.
The workaround of adding the Reporter to the security level isn't viable as we don't want to give them access to issues they shouldn't be able to access as an agent. They should be able to see issues they are a Reporter or Participant on or those with Issue Security, but not otherwise. Issue Security is required to keep confidentiality of issues they shouldn't be able to see.
I can confirm this issue is still present in JSM 10.3.3. Could this version be added to the Affected Versions field?
We continue to have no workaround since modifying the security level isn't feasible. Agents in one project can't see their requests in others, so IT staff can't view their requests for Business Operations and vice-versa, which is causing large service fulfillment issues.