Resolving Jira Service Management permission errors

Still need help?

The Atlassian Community is here for you.

Ask the community

When you create a service project, it uses a permission scheme called Jira Service Management Permission Scheme for %ProjectKey%. If you change this permission scheme, then Jira Service Management might display a permission error similar to the following:

Permission error in Jira Service Desk.

What are permission errors?

Jira Service Management considers the differences between your permission scheme and the standard Jira Service Management permission scheme as errors in the following two categories: 

  • Critical errors (red): Break core service desk functionality, such as adding agents or allowing customers to log in to the portal. Jira Service Management displays a warning until you fix major errors. For a complete list of major errors, see this table.
  • Non-critical errors (yellow): Differ from the standard permission scheme, but don't impact how Jira Service Management works. Jira administrators can choose whether non-critical permission scheme warnings are dismissed automatically, or if they are always shown to project administrators, so that they can either fix or dismiss them.
    • Go to Administration () > Applications > Jira Service Management Configuration, and under Permission scheme errors, choose an option – see below:
      Permission scheme errors in Jira Service Desk configuration.

How do I fix permission errors?

To fix permission errors, you can change the permission scheme yourself, or click the Fix permissions button in the error message to have Jira Service Management fix the errors for you. When you click Fix permissions, Jira Service Management corrects the critical and non-critical errors in your permission scheme by doing the following:

  1. Disassociates your permission scheme with the service desk project.
  2. Creates a copy of your permission scheme called %Your permission scheme%1 and associates the scheme with the project.
  3. Fixes the errors by:
    1. Granting standard permissions to the Administrators and Service Desk Team roles, and the Service Desk Customer - Portal Access security type.
    2. Removing the Service Desk Customers role from all the permissions assigned.

The following table describes how Jira Service Management might fix a permission scheme:

Custom permission scheme Jira Service Management Permission Scheme for Project OA
Fixed permission scheme Jira Service Management Permission Scheme for Project OA 1

The following permissions are set up differently from the standard permission scheme:

  • User John Smith has the Browse Projects permission. This is a minor error. 
  • The Service Desk Customers role has the Create Issues permission. This is a major error. 
  • The Service Desk Customer - Portal Access security type does not have the Create Issues permission. This is the major error. 

After you click Fix permissions, the 'Jira Service Management Permission scheme for Project OA' permission scheme is dissociated with the project, and a new permission scheme called 'Jira Service Management Permission scheme for Project OA 1' will be applied to your service desk. 

  • User John Smith will still have the Browse Projects permission.
  • The Service Desk Customers role is removed from the Create Issues permission.
  • The Service Desk Customer - Portal Access security type will be granted the Create Issues permission. 

Critical permission errors

Critical permission errors break core service desk functionality. Jira Service Desk displays a warning until you fix them. 

ErrorExplanation

The Administrators role does not have the following required permissions:

  • Browse Projects
  • Administer Projects
  • Edit Issues
  • No Browse Projects permission = Administrators cannot access the service desk.
  • No Administer Projects permission = Administrators cannot modify settings of the service desk.  
  • No Edit Issues permission = Administrators cannot edit issues.

The Service Desk Customer - Portal Access security type does not have the following required permissions:

  • Browse Projects
  • Create Issues
  • Add Comments
  • No Browse Projects permission = Customers cannot access the Customer Portal of the service desk, that is they cannot log in.
  • No Create Issues permission = Customers cannot create requests on the Customer Portal.
  • No Add Comments permission = Customers cannot add comments to their requests.

The Service Desk Customers role is granted any permission directly.

Granting permissions to this role gives customers access to Jira functions. Customers should only have access to a Customer Portal and permissions should be granted to the  Service Desk Customer - Portal Access security type.

As a result, administrators will not be able to add any customers to the service desk. Open service desks will become restricted. Public signup will be disabled.

The Service Desk Team role does not have the following required permissions:
  • Browse Projects
  • Edit Issues
  • No Browse Projects permission = Agents cannot see the service desk.
  • No Edit Issues permission = Agents cannot edit issues.

The Service Desk Team role is granted the Administer Projects permission.

Granting the Administer Projects permission to your agents means that all agents become administrators for your service desk.

This is a severe security issue. Jira Service Management will disable the functionality of agent management. As a result, administrators will not be able to add any agents.

The Anyone group is granted the Browse Projects permission.Granting the Browse Project permission to the Anyone group means that anyone can access the project and view all the issues in it.
Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.