Jira Service Management Data Center / JSDSERVER-4467

Customers get confused when they have to log out to view JIRA tickets that are open to Anyone


    • Issue type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • 3.2.3
    • Issue View

      Summary

      By rights, free SD customers have no access to JIRA tickets that are not available on the SD Customer Portal. To allow customers to view those tickets, the JIRA project must be open to Anyone, i.e. it must allow anonymous access.

      When this happens, customers may receive email notifications from the tickets. If they click the email links to view the tickets when logged in, however, they won't be able to view the tickets but will be redirected to Customer Portal instead (without knowing why). They will have to log out to view the tickets or open them in a different browser for anonymous access.

      Background

      This is in fact expected behavior, as the group Anyone is actually meant for anonymous access. It doesn't literally mean that anyone, whether logged in or anonymous, can browse and view the tickets. What actually happens is:

      • If there's no user session (anonymous), JIRA won't check user permissions but will simply open the tickets for anonymous view
      • If there's a user session (user logged in), JIRA will check user permissions and deny access to SD customers, since they don't have application access to JIRA

      Suggestion

      This could be a bug or a suggestion, but there should be a better way to handle this situation, so that customers don't get the wrong impression that they can't view the tickets or that they have to log out to view a ticket. Some possible solutions are:

      1. Replace Group (Anyone) with Anonymous Access in the JIRA schemes. This at least helps JIRA admins to be aware that the permission is granted to anonymous users only, not logged-in users.
      2. Don't redirect customers to the Portal without telling them why. It's better to keep them on the same link and display a message telling them that they don't have permission to view it, but that they can view it anonymously if they log out.
      3. Allow customers to view open tickets even when they're logged in, but still restrict them from accessing other functionality.
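
      The behavior in the Background section means an authenticated customer can see less than an anonymous visitor. The following added example (a simplified model, not JIRA's code or part of the original report) encodes both decision rules and checks the property "logging in never removes access"; all class, function and project names are hypothetical, and only the Anyone grant is modelled.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class User:
    name: str
    has_app_access: bool  # assumption: False models a free SD customer


@dataclass(frozen=True)
class Project:
    key: str
    open_to_anyone: bool  # Browse permission granted to group "Anyone"


Check = Callable[[Optional[User], Project], bool]


def can_browse_current(user: Optional[User], project: Project) -> bool:
    """Rule as described in the report's Background section."""
    if user is None:
        # No session: no per-user check, only the anonymous grant counts.
        return project.open_to_anyone
    # Session present: the user is checked first, and a customer without
    # application access is denied before the Anyone grant is considered.
    return user.has_app_access and project.open_to_anyone


def can_browse_proposed(user: Optional[User], project: Project) -> bool:
    """Suggestion 3: the Anyone grant applies with or without a session."""
    return project.open_to_anyone


def monotonicity_violations(check: Check, users: List[User],
                            projects: List[Project]) -> List[Tuple[str, str]]:
    """Return (user, project) pairs where anonymous access is allowed
    but the same request made with a session is denied."""
    return [(u.name, p.key)
            for p in projects if check(None, p)
            for u in users if not check(u, p)]


# Constructed sample data for the check.
USERS = [User("customer", has_app_access=False),
         User("agent", has_app_access=True)]
PROJECTS = [Project("OPEN", open_to_anyone=True),
            Project("INTERNAL", open_to_anyone=False)]
```

      Run as a regression test, `monotonicity_violations` reports the customer on the open project under the current rule and nothing under the proposed one.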

            Unassigned
            vdung Andy Nguyen (Inactive)
            Votes: 6
            Watchers: 8