Resolving permission scheme errors

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

When you use a custom permission scheme, if the permission settings are different from those of the standard permission scheme, you will see a permission error similar to the following one. 

On this page

Related pages

Explanation of permission scheme errors

 

JIRA Service Desk considers the differences between your permission scheme and the standard JIRA Service Desk one as errors and there are two categories of errors:

  • Major errors: These ones either cause certain administration functionality to be disabled (for example you cannot add agents to your service desk), or impact the day-to-day use of your service desk (for example customers cannot log in to the Customer Portal). The following table describes what JIRA Service Desk considers as major errors. You must fix these errors for JIRA Service Desk to return to normal operation. 
  • Minor errors: The permission differences that do not impact how JIRA Service Desk works are considered as minor errors. You do not have to use the standard permission setup for these permissions. 

Resolving errors

You can resolve the permission errors by changing the permission scheme yourself or using the Fix permissions button in the error message.  

What does the Fix permissions button do?

The Fix permissions button on the message disassociates your custom permission scheme with the service desk project, creates a copy of your permission scheme with the name of <your_permission_scheme [number]>, and associates this new scheme with the project. The new scheme fixes the errors by:

  • Granting the standard permissions to the Administrators, Service Desk Collaborators and Service Desk Team roles and the Service Desk Customer - Portal Access security type as described on the Standard permissions page.
  • Removing the Service Desk Customers role from all the permissions assigned.
  • Leaving other permission setup as is. 

Example:

 

Your original permission schemeThe new permission scheme

The name of the original one is 'JIRA Service Desk Permission scheme for Project OA'.

The following permissions are set up differently from the standard permission scheme:

  • User John Smith has the Browse Projects permission. This is a minor error. 
  • The Service Desk Customers role has the Create Issues permission. This is a major error. 
  • The  Service Desk Customer - Portal Access security type does not have the Create Issues permission. This is the major error. 

After you click Fix permissions, the 'JIRA Service Desk Permission scheme for Project OA' permission scheme is dissociated with the project, and a new permission scheme called 'JIRA Service Desk Permission scheme for Project OA 1' will be applied to your service desk. 

  • User John Smith will still have the Browse Projects permission.
  • The Service Desk Customers role is removed from the Create Issues permission.
  • The  Service Desk Customer - Portal Access security type will be granted the Create Issues permission. 

 

What are major permission errors?

Major permission errors cause certain functionality of JIRA Service Desk to be disabled. 

ErrorExplanation

The Service Desk Team role or the Service Desk Collaborators role is granted the Administer Projects permission.

Granting the Administer Projects permission to your agents or collaborators means that all agents or collaborators become administrators for your service desk.

This is a severe security issue. JIRA Service Desk will disable the functionality of agent or collaborator management. As a result, administrators will not be able to add any agent or collaborator.

The Service Desk Customers role is granted any permission directly.

Granting permissions to this role gives customers access to JIRA functions. Customers should only have access to a Customer Portal and permissions should be granted to the  Service Desk Customer - Portal Access security type.

As a result, administrators will not be able to add any customers to the service desk. Open service desks will become restricted. Public signup will be disabled.

The Administrators role does not have the following required permissions:

  • Browse Projects
  • Administer Projects
  • Edit Issues
  • No Browse Projects permission = Administrators cannot access the service desk.
  • No Administer Projects permission = Administrators cannot modify settings of the service desk.  
  • No Edit Issues permission = Administrators cannot edit issues.

The Service Desk Customer - Portal Access security type does not have the following required permissions:

  • Browse Projects
  • Create Issues
  • Add Comments
  • No Browse Projects permission = Customers cannot access the Customer Portal of the service desk, that is they cannot log in.
  • No Create Issues permission = Customers cannot create requests on the Customer Portal.
  • No Add Comments permission = Customers cannot add comments to their requests.
The Service Desk Team role does not have the following required permissions:
  • Browse Projects
  • Edit Issues
  • No Browse Projects permission = Agents cannot see the service desk.
  • No Edit Issues permission = Agents cannot edit issues and become collaborators.
The Service Desk Collaborators role does not have the following required permission:
  • Browse Projects
No Browse Projects permission = Collaborators cannot see the service desk.
The Service Desk Collaborators role is granted the Edit Issues permission.

Collaborators should not be able to edit issues and here's why:

For example, if you want to add a user as a collaborator on service desk HR and as an agent on service desk IT, granting the Edit Issues permission to the Service Desk Collaborators role on the HR project will make the collaborator an agent on the HR service desk instead of a collaborator.

Last modified on Sep 9, 2014

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.