Resolve permission scheme errors in Jira Service Management

Still need help?

The Atlassian Community is here for you.

Ask the community

Purpose

When you create a service project, it uses a permission scheme called Jira Service Management Permission Scheme for %ProjectKey%. If you change this permission scheme, then Jira Service Management might display a permission error similar to the following: 

For information about mandatory permissions for Jira Service Management roles, see Using custom permission schemes

Solution

About permission errors

Permission errors are differences between your permission scheme and the standard Jira Service Management permission scheme. There are two types of errors:

  • Major errors: Break core service project functionality, such as adding agents or allowing customers to log in to the portal. Jira Service Management displays a warning until you fix major errors. For a complete list of major errors, see this table.
  • Minor errors: Differ from the standard permission scheme, but don't impact how Jira Service Management works. You can dismiss these errors if you don't want to use the standard permission scheme. 

Add-on errors (Jira Service Management Cloud only)

All add-ons are granted permissions through the atlassian-addons-project-access role. The role grants permissions to add-ons according to their scopes. To ensure all add-ons can access the permissions that map to their scopes, we recommend that you assign the atlassian-addons-project-access role to all of the permissions in your service project scheme. If the role is not assigned to a permission, Jira Service Management displays the permission warning.

Fixing permission errors

To fix permission errors, you can change the permission scheme yourself, or click the Fix permissions button in the error message to have Jira Service Management fix the errors for you. When you click Fix permissions, Jira Service Management corrects the major and minor errors in your permission scheme by doing the following:

  1. Disassociates your permission scheme with the service project.
  2. Creates a copy of your permission scheme called %Your permission scheme%1 and associates the scheme with the project.
  3. Fixes the errors by:
    • Granting standard permissions to the AdministratorsService Desk Collaborators, and Service Desk Team roles, and the Service Desk Customer - Portal Access security type.
    • Removing the Service Desk Customers role from all the permissions assigned.


The following table describes how Jira Service Management might fix a permission scheme:

Custom permission scheme Jira Service Management Permission Scheme for Project OAFixed permission scheme Jira Service Management Permission Scheme for Project OA 1

The following permissions differ from the standard permission scheme:

  • User John Smith has the Browse Projects permission.
  • The role Service Desk Customer - Portal Access doesn't have the Create Attachments permission. This is a minor error. 
  • The role Service Desk Customers has the Create Issues permission. This is a major error. 
  • The security type Service Desk Customer - Portal Access does not have the Create Issues permission. This is a major error. 

After you click Fix permissions, the permission scheme Jira Service Management Permission Scheme for Project OA is dissociated with the project. A copy of the permission scheme called Jira Service Management Permission scheme for Project OA 1 is associated with your service project, and has the following changes:

  • User John Smith still has the Browse Projects permission. This is because Fix permissions only corrects role-level errors, not user-level errors.
  • The role Service Desk Customer - Portal Access is assigned the Create Attachments permission.
  • The role Service Desk Customers is removed from the Create Issues permission.
  • The security type Service Desk Customer - Portal Access is granted the Create Issues permission. 

Major permission errors

Major permission errors break core service project functionality. Jira Service Management displays a warning until you fix them.

ErrorExplanation

The Service Desk Team role or the Service Desk Collaborators role has the Administer Projects permission.

If you grant the Administer Projects permission to agents (Service Desk Team) or collaborators, then they become administrators for the project.

If you don't fix this error, Jira Service Management will disable agent or collaborator management, and administrators will not be able to add agents or collaborators to the project.

The Service Desk customers role is granted permissions directly.

If you grant permissions to the Service Desk customers role, then customers have access to Jira functions. To ensure that customers only have access to the customer portal, grant permissions to the Service Desk customer - Portal Access security type instead.

If you don't fix this error, then administrators won't be able to add customers to the project, public signup will e disabled, and service projects will be restricted to customers who are added to the project.

The Administrators role doesn't have the following required permissions:

  • Browse Projects
  • Administer Projects
  • Edit Issues
  • No Browse Projects permission = Administrators can't access the project.
  • No Administer Projects permission = Administrators can't access Project settings.  
  • No Edit Issues permission = Administrators can't edit issues.

The Service Desk customer - Portal Access security type doesn't have the following required permissions:

  • Browse Projects
  • Create Issues
  • Add Comments
  • No Browse Projects permission = Customers can't log in to the customer portal.
  • No Create Issues permission = Customers can't create requests in the customer portal.
  • No Add Comments permission = Customers can't comment on their requests.
The Service Desk Team role doesn't have the following required permissions:
  • Browse Projects
  • Edit Issues
  • No Browse Projects permission = Agents can't access the project.
  • No Edit Issues permission = Agents can't edit issues and become collaborators.
The Service Desk Collaborators role doesn't have the Browse Projects permission.No Browse Projects permission = Collaborators can't access the project.
The Service Desk Collaborators role has the Edit Issues permission.

Users must be agents (have the Service Desk Team role) to edit issues.

DescriptionWhen you create a service project, it uses a permission scheme called Jira Service Management Permission Scheme for %ProjectKey%. If you change this permission scheme, then Jira Service Management might display a permission error
ProductJira
PlatformServer
Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.