Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Low Engagement
Fix Version/s: None
Component/s: Licensing & Permissions
Labels:
- affects-server

UIS:
0
Support reference count:
3
Feedback Policy:

We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

Currently, several permissions have been granted to the "Customer Portal Access" entity, despite the functionality to provide these permissions the customer user types not being in place yet.
These permissions have been granted as placeholders for potential future feature releases.

This means, that as soon as such a feature gets release, and the JIRA Admin of the JIRA environment upgrades Service Desk, the customers in that environment will automatically get that permission granted.
This can pose a security issue if the JIRA Admin does not want customers to have these permissions.

Please remove these placeholders to prevent the potential security issue from above to occur. Instead, we need to properly inform customers when new feature become available, and which steps they need to take in order to provide these features to their customer.

Attachments

Issue Links

relates to

JSDCLOUD-3421 Remove Customer Portal Access entity from all permissions currently not implemented

Closed

Activity

People

Assignee:: Unassigned

Reporter:: MJ (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 16/Feb/2016 12:47 PM

Updated:: 17/May/2021 10:43 PM

Resolved:: 17/May/2021 10:43 PM