  1. Jira Service Management Cloud
  2. JSDCLOUD-14130

Residual permission "authenticated-users" in database after deleting Service Desk project linked to a Confluence KB space


    • 20
    • Minor
    • 9

      We believe this is an issue related to JSM or service architecture team. We're working with them to identify the owner of this ticket.


      Issue Summary

      Currently, if a JSM Service Desk project is deleted while it is still linked to a Confluence KB space, and the Knowledge base "Who can view" permission in the Project Settings is set to "All logged-in users", the deletion does not revoke that permission. Consequently, all users can still access and see the Knowledge base space in Confluence Cloud, even users who haven't been granted permission within that space.

      Steps to Reproduce

      1. Make sure your site has Confluence Cloud and Jira Service Management 
      2. Create a Service Desk project in JSM 
      3. Add a Knowledge base space to that project and make sure the permission of "Who can view" it in the Project Settings is set to "All logged-in users"
      4. Logged in as a user with no permissions within that Confluence space, access it and confirm that you're able to see it 
      5. Now go to the SD project in JSM and send it to trash 
      6. Return to the KB space logged in as a user with no permissions there and confirm that you can still see the space 

      Note: The issue also happens if the "JSM users" global permission is toggled off without the Knowledge base permission in the Project Settings first being changed to "Only Confluence users".

      Expected Results

      Due to the user not having permission to see that space, and considering that the JSM project has been deleted, the integration should be removed. This will prevent the user without permissions from being able to view the content of that space.

      Actual Results

      Even though the user does not have permission to view that space, and even if the JSM project has been deleted, the integration is not removed. This allows users without permissions to continue seeing the content of that space.

       

      Workaround

      Usually, there's a banner on the Space Permissions page indicating that this Service Desk (JSM) + KB integration was in place, and that message includes a button that admins can click to disable it.

      If that banner isn't available on your site, please reach out to the Support team so that we can help you find the ID of that permission in the site's database and then modify it using the Confluence REST API.

              Priyank Jain
              Eduarda Franck
              Votes: 5
              Watchers: 23
