Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Jira portal security urgent help required

Muhammad Bilal
Contributor
June 6, 2019

Hi,

We have a main customer portal that refers as below:-

https://xyz.atlassian.net/servicedesk/customer/portals

 

When the customer login, on the page to raise a request, he can see all our projects name and to raise the ticket on the project which we do not want him to see the other project name on the same page, I have tried couple of things here tried permission issues, browse project, but all seems to be Ok, if i remove Service desk customer - portal access from the browse project, it will remove the project from the main portal, but then i have problem with that project and no once can send the request on that project also. Need to know how can i setup this. We have almost more than 30 projects, Need help ASAP. as it is kind a urgent. I am attaching the screen shot also for reference. I have already posted the same problem before and worked all day but could not find the proper solution till now. This is really urgent for me. Let me know if some one can help me right away for this issue :)

 

Thank you in advance

 

Regards

Muhammad Bilal

 

 

1 answer

0 votes
Jack Brickey
Community Champion
June 7, 2019

You must ensure that each project’s Customers are aligned with your needs. In other words go to Customers and inspect to ensure the users listed are those that should have access to the given project. If you use Organizations be sure to inspect there as well.

Muhammad Bilal
Contributor
June 7, 2019

Hi Jack,

 

I have explained more in detail on the other page of the same request to you, when the portal is open''any one can send a request without logging in'' there is no list for the customers we can control i guess. For example if i disable this setting for this project and i select customers my team adds to the project, the project will not show on the main portal, because the customers are not added on this project as of other project customers, But as i said we have to enable the option ''Anyone can send a request without logging in'' if i close this option i am not getting the request on the portal from unknown senders, in the audit logs, i see the error message, '' signup is not available'' :)

 

I hope it is clear. 

Jack Brickey
Community Champion
June 7, 2019

It seems to be working as designed to me.

”anyone can send a request without logging in” = public project which means anyone that stumbles across the URL will see the project and can create a request at which tie they get added as a customer (self-signup like).

you cannot restrict the customer for a public project. Anyone means anyone.

Muhammad Bilal
Contributor
June 7, 2019

Hi,

I understand here, but is there any solution or workaround on this ? can we make different portals on the JIRA CLOUD specifically for the project which has been setup as ''Customers my team adds to the project''.

Any external application to use it for this? 

 

Thanks again!

Jack Brickey
Community Champion
June 7, 2019

No at least not to my knowledge. I deal with this very thing where my internal customer go to the portal and are not logged in and see my public project and they choose to open a ticket there rather than login and get access to the right project. It is an ongoing trading exercise.

Suggest an answer

Log in or Sign up to answer