Jira Service Management Access Granted to Trusted Users Without Default Groups assigned
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Summary
This article provides steps to check why Jira Service Management product access is allowed for the Trusted Users even though the Default group/Product Access groups are not assigned to a Trusted User.
Environment
Jira Service Management
Diagnosis
When a user is granted access to a product, they will be added to the product's default access group. Example: For JSM the Default Access group is jira-servicemanagement-users-xxxxxx. Also, any user added to a group with product access will count toward your product licenses. But sometimes Trusted Users are not part of any user groups listed under product access but still, they hold product Licenses and neither they are listed under the Product Access groups for that specific product.
Cause
This happens because earlier the user had a Trusted role then the user was directly added to the site-admin group, which amended the user role to site-admin on top of the existing Trusted user role, and in the background, the roles are not updated correctly.
Solution
To resolve these issues User Roles need to be reassigned as described below:
- Change the user role to Basic.
- Once this is done, then change the role to Site Administrator.
- And then if you want to give Site-Admin users with any product access then just add them to the Default Groups added under Product Access for that particular Product.