Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-8167

"Browse Project" permission set for Reporter overrides the customer permission that results the project getting exposed in the customer portal

XMLWordPrintable

      Steps to Reproduce

      1. In JSD project A, set the customer permission as "Who can access the portal and send requests to <project key>?": "Customers my team adds to the project"
      2. Confirm that the project has no customers added
      3. Edit the permission scheme to add "Browse Project" permission to "Reporter" or "custom user pick field" or current assignee
      4. Access the portal by a customer that has access to customer portal(customer that is added to another project B)

      Expected Results

      Customer will only see project B

      Actual Results

      Customer sees both project A and B

      Workaround

      Remove "Reporter" or "custom user pick field" from "Browse Project" permission

            [JSDCLOUD-8167] "Browse Project" permission set for Reporter overrides the customer permission that results the project getting exposed in the customer portal

            Pinned comments

            Andrew Whitley added a comment -

            This is not exclusive to Reporter. Any user field assigned to the Browse Project permission also causes the portal to be visible externally. Therefore the only workaround is to remove all user fields from the permission and lose the functionality of internal users being able to see only their tickets in the normal issue view.

            Andrew Whitley added a comment - This is not exclusive to Reporter. Any user field assigned to the Browse Project permission also causes the portal to be visible externally. Therefore the only workaround is to remove all user fields from the permission and lose the functionality of internal users being able to see only their tickets in the normal issue view.

            All comments

            Dani Lucas added a comment -

            Why is this bug still not resolved? This can caused a permissions issue and makes no sense that if I have a custom field that I wanna use to give a user, permissions if a ticket is created and wanna share it with it, being able to see a customer portal restricted... Unbelievable

            Dani Lucas added a comment - Why is this bug still not resolved? This can caused a permissions issue and makes no sense that if I have a custom field that I wanna use to give a user, permissions if a ticket is created and wanna share it with it, being able to see a customer portal restricted... Unbelievable

            Veronica Liu added a comment -

            Hi all, 

            Recently our team also focuses on this topic again and we found an article which might be a workaround for this bug.

            Here you are: https://confluence.atlassian.com/jirakb/restrict-users-to-only-see-their-assigned-work-items-in-jira-cloud-1279066436.html

            In a nutshell, we set up issue security scheme and applied on this project. Meanwhile, we removed "current assignee", "reporter", and "user custom field value" which cause the exposure in the customer portal.

            We followed the steps mentioned in this article and tested. It works!

            Although there might be other concern or difficulty resulted from this setting, we consider that it can be shared here for reference.

            Hope this sharing can also work for your teams.  

             

            Veronica Liu added a comment - Hi all,  Recently our team also focuses on this topic again and we found an article which might be a workaround for this bug. Here you are: https://confluence.atlassian.com/jirakb/restrict-users-to-only-see-their-assigned-work-items-in-jira-cloud-1279066436.html In a nutshell, we set up issue security scheme and applied on this project. Meanwhile, we removed "current assignee", "reporter", and "user custom field value" which cause the exposure in the customer portal. We followed the steps mentioned in this article and tested. It works! Although there might be other concern or difficulty resulted from this setting, we consider that it can be shared here for reference. Hope this sharing can also work for your teams.    

            Allen Yi added a comment -

            It would be great to see this bug squashed!

            Allen Yi added a comment - It would be great to see this bug squashed!

            Andrew Whitley added a comment -

            This is not exclusive to Reporter. Any user field assigned to the Browse Project permission also causes the portal to be visible externally. Therefore the only workaround is to remove all user fields from the permission and lose the functionality of internal users being able to see only their tickets in the normal issue view.

            Andrew Whitley added a comment - This is not exclusive to Reporter. Any user field assigned to the Browse Project permission also causes the portal to be visible externally. Therefore the only workaround is to remove all user fields from the permission and lose the functionality of internal users being able to see only their tickets in the normal issue view.

              cmann@atlassian.com chrismann
              ahirama Ai Hirama
              Affected customers:
              15 This affects my team
              Watchers:
              22 Start watching this issue

                Created:
                Updated: