Customer not added to the project are able to view the portal for the project with restricted access
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Summary
- Customers can view the project in the portal where they are not added as "Customer" under the project and portal access is set to "Restricted" under "Project Settings > Channel Access".
Cause
- If the permission scheme allows "Browse Project" permission to a "User custom field value" OR "Group custom field value" field and if the user is not part of any of the group selected under these fields, still the portal will be visible to the user.
Solution
- If the "Channel Access" is set to restricted and the customer is not added under Project > Customers then validate the permissions for the project by navigating to Project Settings > Permission and check if the "Browse Project" permission is granted for the above two fields.
- If the "Browse Project" permission is granted to the "User Custom Field Value" or "Group Custom Field Value", remove these fields from the browse project permission and check. The portal won't be visible to the customer anymore.