Resolve permission scheme errors in Jira Service Management
When you create a service project, it uses a permission scheme called Jira Service Management Permission Scheme for %ProjectKey%. If you change this permission scheme, then Jira Service Management might display a permission error similar to the following:
For information about mandatory permissions for Jira Service Management roles, see Using custom permission schemes.
About permission errors
Permission errors are differences between your permission scheme and the standard Jira Service Management permission scheme. There are two types of errors:
- Major errors: Break core service project functionality, such as adding agents or allowing customers to log in to the portal. Jira Service Management displays a warning until you fix major errors. For a complete list of major errors, see this table.
- Minor errors: Differ from the standard permission scheme, but don't impact how Jira Service Management works. You can dismiss these errors if you don't want to use the standard permission scheme.
Add-on errors (Jira Service Management Cloud only)
All add-ons are granted permissions through the atlassian-addons-project-access role. The role grants permissions to add-ons according to their scopes. To ensure all add-ons can access the permissions that map to their scopes, we recommend that you assign the atlassian-addons-project-access role to all of the permissions in your service project scheme. If the role is not assigned to a permission, Jira Service Management displays the permission warning.
Fixing permission errors
To fix permission errors, you can change the permission scheme yourself, or click the Fix permissions button in the error message to have Jira Service Management fix the errors for you. When you click Fix permissions, Jira Service Management corrects the major and minor errors in your permission scheme by doing the following:
- Disassociates your permission scheme with the service project.
- Creates a copy of your permission scheme called %Your permission scheme%1 and associates the scheme with the project.
- Fixes the errors by:
- Granting standard permissions to the Administrators, Service Desk Collaborators, and Service Desk Team roles, and the Service Desk Customer - Portal Access security type.
- Removing the Service Desk Customers role from all the permissions assigned.
The following table describes how Jira Service Management might fix a permission scheme:
|Custom permission scheme Jira Service Management Permission Scheme for Project OA||Fixed permission scheme Jira Service Management Permission Scheme for Project OA 1|
The following permissions differ from the standard permission scheme:
After you click Fix permissions, the permission scheme Jira Service Management Permission Scheme for Project OA is dissociated with the project. A copy of the permission scheme called Jira Service Management Permission scheme for Project OA 1 is associated with your service project, and has the following changes:
Major permission errors
Major permission errors break core service project functionality. Jira Service Management displays a warning until you fix them.
The Service Desk Team role or the Service Desk Collaborators role has the Administer Projects permission.
If you grant the Administer Projects permission to agents (Service Desk Team) or collaborators, then they become administrators for the project.
If you don't fix this error, Jira Service Management will disable agent or collaborator management, and administrators will not be able to add agents or collaborators to the project.
The Service Desk customers role is granted permissions directly.
If you grant permissions to the Service Desk customers role, then customers have access to Jira functions. To ensure that customers only have access to the customer portal, grant permissions to the Service Desk customer - Portal Access security type instead.
If you don't fix this error, then administrators won't be able to add customers to the project, public signup will e disabled, and service projects will be restricted to customers who are added to the project.
The Administrators role doesn't have the following required permissions:
The Service Desk customer - Portal Access security type doesn't have the following required permissions:
|The Service Desk Team role doesn't have the following required permissions:|
|The Service Desk Collaborators role doesn't have the Browse Projects permission.||No Browse Projects permission = Collaborators can't access the project.|
|The Service Desk Collaborators role has the Edit Issues permission.|
Users must be agents (have the Service Desk Team role) to edit issues.