JIRA Service Desk permissions
For example, adding agents to your service desk will add users to the Service Desk Team role. This role gives them access to JIRA Service Desk and also allows them to work on issues.
This page introduces how the users on the People tab of a service desk match to project roles and the permissions they have.
What permissions does each role have?
With the standard permission scheme, the different roles on your service desk have different levels of access as shown below.
- Access both the Customer Portal and the service desk interface in JIRA
- View the Customer Portal, queues, reports and SLA metrics for the service desks they have access to
- Access and edit issues in the service desks they are assigned to
- Add, edit and delete customer-facing and private comments to issues
- Manage content in the knowledge base
- Create requests and track their own requests
- Add public comments to their own requests
- Add attachments to their own requests
- Add agents, collaborators and customers to a service desk
- Remove agents, collaborators and customers agents from a service desk
- Configure request types and the Customer Portal
- Create and edit reports
- Create SLAs for measuring progress
- Connect a Confluence knowledge base to a service desk
- Configure the email channel a service desk
- View issues, comments and attachments
- Add attachments and delete their own attachments
- Add internal comments to issues and delete their own comments
- Watch and vote for issues
How are permissions associated with each role?
Each type of user displayed on the People tab of your service desk matches a JIRA project role, and the project permissions for each type of user are assigned to the JIRA project roles in the permission scheme.
To learn about the permissions assigned to each role, see Standard permissions.
Table: User and project role mapping
| User | JIRA project role |
|---|---|
| Agents | the Service Desk Team role |
| Customers | the Service Desk Customers role Note: The permissions to this role are granted through the Service Desk Customer - Portal Access security type. The security type checks this role to determine who are customers. For details about this security type, see the following section. |
| Collaborators | the Service Desk Collaborators role |
| Service desk administrators | the Administrators role |
Screenshot: How the users on the People tab map to the JIRA project roles in the JIRA administration console
About the Service Desk Customer - Portal Access security type
The permissions assigned to customers are granted to the Service Desk Customer - Portal Access security type instead of the Service Desk Customers role. The Service Desk Customer - Portal Access security type gives people access to the Customer Portal only (not JIRA). This security type checks the Service Desk Customers role to determine who are customers. So in summary, the security type and the role work hand in hand to make sure that customers get the permissions they need to use the Customer Portal and cannot access JIRA.
For example, if you want your customers to be able to create requests through your Customer Portal, grant the Create Issues permission to the Service Desk Customer - Portal Access security type, not the Service Desk Customers role.
Why does the security type have more permissions than what customers can do?
In the standard permission scheme, the Service Desk Customer - Portal Access security type has more permissions in place than the functionality available for customers to use. For example, the security type has the Edit Own Comments permission, but customers cannot do this on the Customer Portal. This is because JIRA Service Desk built the functions that we think are the most commonly used by service desk customers. We will evaluate the feature requests and expand the functions gradually. With the permissions in place now, future functionality additions to the Customer Portal will be easier because you will not have to modify permission schemes to make use of new functions in most cases. You can join the discussion on new features at our issue tracker: Getting issues... .
Using custom permission schemes
If you want to customize the standard permission scheme, make sure that the roles have the mandatory permissions. See Using custom permission schemes.