-
Suggestion
-
Resolution: Unresolved
-
None
-
68
-
Currently, the Comments Permission only enables us to manage permissions for all types of comments (internal AND external). An option to manage this more granularly would be nice. I.e., the ability to restrict external comments to certain project roles / users / groups.
orginal request as it has a very clear description:
—
Experienced Behavior
JIRA users are able to view Service Desk requests when granted "Browse Project" permission. These users are automatically able to view internal comments.
Expected Behavior:
JIRA users are able to view Service Desk request when granted "Browse Project" permission but are not able to view internal comments unless they are a part of the Service Desk Team.
Suggested Resolution:
Use project roles to determine if internal comments should be shown to users. A user who has "Browse Project" permission but no project roles should be able to view the request but not any internal comments. Users with "Browse Project" permission should be able to view internal comments when added to a project role such as "Service Desk Team" "Administrators" or "Developers"
- is related to
-
- Closed
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSDCLOUD-9677] Ability to restrict external / internal comments via Permissions
I wanted to share here the orginal request as it has a very clear description:
—
Experienced Behavior
JIRA users are able to view Service Desk requests when granted "Browse Project" permission. These users are automatically able to view internal comments.
Expected Behavior:
JIRA users are able to view Service Desk request when granted "Browse Project" permission but are not able to view internal comments unless they are a part of the Service Desk Team.
Suggested Resolution:
Use project roles to determine if internal comments should be shown to users. A user who has "Browse Project" permission but no project roles should be able to view the request but not any internal comments. Users with "Browse Project" permission should be able to view internal comments when added to a project role such as "Service Desk Team" "Administrators" or "Developers"
—
What a mess. The original request for this JSDCLOUD-3392 was entered in 2016 and gathered 266 Votes, was erroneously marked as duplicate and now this request starts gathering votes from scratch. There are several other related/duplicate issues listed below that also have many votes on them. When Atlassian Duplicates tickets they need to bring along the votes. In my opinion this is not even a request but a defect.
We use JSM as internal Help Desks. For several internal JSM projects we want the company employees to be able view and comment on all tickets without being able to see or make internal comments. JSM should only allow the Service Desk Team Project Role to have access to internal comments. This is a huge security flaw in your system as internal comments can contain sensitive data.
Please change this request to a defect and fix it. Feel free to reach out to me.
Thanks,
Issue Links
is duplicated by!https://jira.atlassian.com/secure/viewavatar?size=xsmall&avatarId=51505&avatarType=issuetype|width=16,height=16! JSDCLOUD-2341 Allow Internal Comments to be Restricted
- Closed
JSDCLOUD-2346As an admin , allow to set default "Comment Viewable by" in project level - Closed
JSDCLOUD-2943Ability to decide the comment security per Service Desk project - Closedis related to
JSDCLOUD-2078As an Admin I'd like to restrict the issue comments from other SD users - Closed
JSDCLOUD-2346As an admin , allow to set default "Comment Viewable by" in project level - Closed
JSDCLOUD-2943Ability to decide the comment security per Service Desk project - Closed
JSDCLOUD-4188Add additional tagging to the customer comments field - Closed
JSDSERVER-829Adding Comments - more comment visiblity options instead of just being restricted to 2 options - Future Consideration
ENT-1527 Authenticate to see additional information.
relates to
JSDCLOUD-3392Restrict internal comments to only users listed in project roles - Closed
JSDCLOUD-9677 Ability to restrict external / internal comments via Permissions
- Gathering Interest
Piling on here. We need this feature please. We've heard it's available in the Jira Software but not in JSM? Please let us know the status for this feature on your roadmap.
Hi Chris- can you please link this ticket as related to JSDCLOUD-829 ? Or elaborate on why they are not linked?
This feature would be incredibly beneficial for compliance and handling tickets- there is much more to this than just Internal and Customer. While I understand that functionality is not just "lift and shift" from Jira Software to Service Management, the fact that this is available in Jira Software makes me optimistic that Atlassian can deliver!
+ 1
ALL Agents licensed for Jira Service Management have the ability to make external comments.
But since we have several JSM projects, we want all teams to be able to add internal comments, but only the team from the "A" project should be able to add an external comment in the "A" project.
It is disappointing that I cannot use the permissions to separate commenting (internal vs. external). There were two workarounds suggested by Atlassian. Given that I would like to make my developers/QAs/BAs directly assignable users, I have no choice but to make them part of the Service Desk Agent project role...now called JSM Service Project Agent role I believe. By doing this however, they now have the ability to comment either internally or to a customer. There are two workarounds....
- I can create a project in Jira and add a cloned copy of the JSM ticket to Jira and assign to them there, in which case I would not need a JSM license for everyone as I can assign to them there. In this scenario, my administrative overhead increases, and you lose money.
- Workaround 2 is that I tell people manually in this group, if you are not a customer facing person, please make sure you don't add comments to "Reply to Customer". I have to add them as JSM Agents in order for it to be assignable directly which cuts the administrative cost and increases your revenue because I have to use a JSM license for this. But this increased MY risk in that someone could inadvertently and inappropriately respond to a customer directly. This is exactly the purpose of a permission scheme!!!
As I am paying for a license for each of these resources, I should be able to alter permission schemes. If I were to outsource to offshore resources and assign them work (and pay you for a license), I should be able to restrict their ability to respond directly to a customer!
+1