Issue Summary
Internal comments added in the agent view trigger workbox notifications in Confluence, causing security problems in customer environments.
Steps to Reproduce
- Have an application link configured using OAuth with Confluence (in this case, v6.13.7)
- Create two users with application access and browse project permission only in a Jira Service Desk project
- Create a new ticket
- Add them as watchers on the ticket from the agent view
- Add an internal comment from the Jira Service Desk agent view
- Check the workbox notifications in Confluence by logging in as those users
- Workbox notifications from Jira are triggered in Confluence only for 'Comments on issues that you are watching'; see our official documentation, Which notifications are included?
Detailed replication steps are in this screen recording: Replication_Steps_JiraServiceDesk.mp4
The same behavior is not replicable in Jira Software when adding restricted comments: Not_replicable_JiraSoftware.mp4
Expected Results
Internal comments should not trigger workbox notifications in Confluence; they should be handled the same way as in Jira Software.
Actual Results
Internal comments are being sent to customers as workbox notifications in Confluence, which is causing security problems in customer environments.
Workaround
Refer to the heading 'Stopping Jira applications from sending notifications to Confluence' in this KB article: Configuring Workbox Notifications
andrey.oleynik1934811064 JSD can be used to help agents work with developers, which we refer to as collaborators. In this case, we would expect them to be able to view the internal discussion, as it often provides useful context for a developer.
If you support internal users, they can still raise requests via the customer portal and interact with JSD as an external customer would. As mentioned under "The easiest way to collaborate", you can add users as request participants, which would also allow them to interact with requests raised without requiring the browse projects permission.
Hope this helps.