Resolving JIRA Service Desk permission errors

When you use a custom permission scheme, if the permission settings are different from those of the standard permission scheme, you will see a permission error similar to the following:

Explanation of permission scheme errors

JIRA Service Desk considers the differences between your permission scheme and the standard JIRA Service Desk permission scheme as errors in the following two categories:

  • Critical errors (red): These errors either cause certain administration functionality to be disabled (for example you cannot add agents to your service desk), or impact the day-to-day use of your service desk (for example customers cannot log in to the Customer Portal). This table describes what JIRA Service Desk considers as critical errors. You cannot dismiss these error messages, as you must fix them in order for JIRA Service Desk  to return to normal operation.  
  • Non-critical errors (yellow): Permission scheme differences that do not impact how JIRA Service Desk works are considered as non-critical errors. You can dismiss these error messages if you do not want to use the standard permission setup.

Resolving errors

You can resolve the permission errors by changing the permission scheme yourself or using the Fix permissions button in the error message.  

What does the Fix permissions button do?

The Fix permissions button on the message disassociates your custom permission scheme with the service desk project, creates a copy of your permission scheme with the name of <your_permission_scheme [number]>, and associates this new scheme with the project. The new scheme fixes the errors by:

  • Granting the standard permissions to the Administrators and Service Desk Team roles, and the Service Desk Customer - Portal Access security type.
  • Removing the Service Desk Customers role from all the permissions assigned.
  • Leaving other permission setup as is. 
Your original permission scheme
The new permission scheme

The name of the original one is 'JIRA Service Desk Permission scheme for Project OA'.

The following permissions are set up differently from the standard permission scheme:

  • User John Smith has the Browse Projects permission. This is a minor error. 
  • The Service Desk Customers role has the Create Issues permission. This is a major error. 
  • The  Service Desk Customer - Portal Access security type does not have the Create Issues permission. This is the major error. 

After you click Fix permissions, the 'JIRA Service Desk Permission scheme for Project OA' permission scheme is dissociated with the project, and a new permission scheme called 'JIRA Service Desk Permission scheme for Project OA 1' will be applied to your service desk. 

  • User John Smith will still have the Browse Projects permission.
  • The Service Desk Customers role is removed from the Create Issues permission.
  • The  Service Desk Customer - Portal Access security type will be granted the Create Issues permission. 

What are critical permission errors?

Critical permission errors cause certain functionality of  JIRA Service Desk  to be disabled. 

Error Explanation

The Administrators role does not have the following required permissions:

  • Browse Projects
  • Administer Projects
  • Edit Issues
  • No Browse Projects permission = Administrators cannot access the service desk.
  • No Administer Projects permission = Administrators cannot modify settings of the service desk.  
  • No Edit Issues permission = Administrators cannot edit issues.

The Service Desk Customer - Portal Access security type does not have the following required permissions:

  • Browse Projects
  • Create Issues
  • Add Comments
  • No Browse Projects permission = Customers cannot access the Customer Portal of the service desk, that is they cannot log in.
  • No Create Issues permission = Customers cannot create requests on the Customer Portal.
  • No Add Comments permission = Customers cannot add comments to their requests.

The Service Desk Customers role is granted any permission directly.

Granting permissions to this role gives customers access to JIRA functions. Customers should only have access to a Customer Portal and permissions should be granted to the  Service Desk Customer - Portal Access security type.

As a result, administrators will not be able to add any customers to the service desk. Open service desks will become restricted. Public signup will be disabled.

The Service Desk Team role does not have the following required permissions:
  • Browse Projects
  • Edit Issues
  • No Browse Projects permission = Agents cannot see the service desk.
  • No Edit Issues permission = Agents cannot edit issues.

The Service Desk Team role is granted the Administer Projects permission.

Granting the Administer Projects permission to your agents means that all agents become administrators for your service desk.

This is a severe security issue. JIRA Service Desk will disable the functionality of agent management. As a result, administrators will not be able to add any agents.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport