Portal Project access

Hi all,

A customer of mine is in the process of deploying Jira Service Management DataCenter.

JSM will be used for ITSM and ESM usecases.

A couple of service projects and one ITSM project will be on the portal.

Different groups of people will have access to different projects.

About Portal access.

There is a Manager Space project that will contains all services that are specifics to manager. Only Managers will have access to this specific project.

My understanding is :

If you choose to configure the project's customer permission as : "Customers who are added to the project", you will need to add each person you want to have access to this particular project as a customers.

If you choose to configure the project's customer permission as : "Customers who have an account on this Jira site", everyone with an account in this instance will be able to submit request in this project.

Now the question : If we have 1.2k managers, do I need to add 1.2k persons as customers in my project ? I tried to remove "Browse project" to the security type "Service project customer - portal access" and give it to the role "Service Desk customers" and adding my jira group that contains all our managers in the role "Service Desk customers" but I keep getting a critical permission error. Configured like this, it seems like I have the correct behaviour but the proeminent critical warning is getting on my nerves. If I want to stay by the ootb setup, I'll need to add customers. Is there a way to add customers to a project or an organization based on group membership other than with a script?

Thank you,

2 answers

1 accepted

4 votes

Answer accepted

Hi @Pier-Olivier Tremblay - You are correct about customer permission settings. That is the most crucial part of this.

For your managers, it depends upon whether their accounts are managed by your company or not:

Company Managed

This means that you have the ability to create unlicensed atlassian accounts for them on your instance via SSO or through site administration. In this scenario, they can be added to a group. Then assign that group to the Service Desk Customers role on the management project. From there, you only need to manage group membership.

Customers

In this scenario, they are truly not controlled by your company and there isn't much you can do about having to add each one-by-one. The only option, If there is no issue with privacy, is that you could add them all to a single organization and add that organization to the project. NOTE - They would have access to every request raised on that project.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

One last note:

I tried to remove "Browse project" to the security type "Service project customer - portal access" and give it to the role "Service Desk customers"

This shouldn't be necessary

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks for your answer. They are company managed account. And the Service Desk customers role is configured with their group. But everyone is still able to see the project.

Do I need to configure the customer permission as : “Customers who are added to the project” and add nobody as customers for the role membership to come into effect ?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Whoops not legged in with the correct account on my cellphone but still the same guy.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Ok so tested my assumptions based on your comment and it does the trick.

You need to configure the customer persmissions as : Customers who are added to the project

You need to add the group containing your managers to the "Service Desk customers" role.

In the end, the role "Service Desk customers" is nowhere to be seen in the permission scheme but users having this role will have the permission given by the access type "Service project customer - portal access".

This is not clear at all and as far as I am aware absolutely not explained like this in the doc but it works.

Thank you man

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Mark Segall likes this

1 vote

@Pier-Olivier Tremblay in addition to what @Mark Segall shared if you know all the manager's email addresses you can use the Invite Customers Link and specify each Email Address for New Customers (space-delimited for multiple addresses; eg email1@domain.com email2@domain.com etc.

If you are unable to create a group as Mark suggested but you have access to and application with the manager's emails you could create a simple app that uses the REST API to create customers.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks for your help @Brant Schroeder , I am able to create a group so Mark's suggestion is working fine.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Portal Project access

2 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events