Resolve Jira Service Management permission errors

When you use a custom permission scheme, if the permission settings are different from those of the standard permission scheme, you will see a permission error similar to the following:

Permission error in Jira Service Management

Explanation of permission scheme errors

Jira Service Management considers the differences between your permission scheme and the standard Jira Service Management permission scheme as errors in the following two categories:

  • Critical errors (red): These errors either cause certain administration functionality to be disabled (for example you cannot add agents to your service space), or impact the day-to-day use of your service space (for example customers cannot log in to the Customer Portal). This table describes what Jira Service Management considers as critical errors. You cannot dismiss these error messages, as you must fix them in order for Jira Service Management to return to normal operation.  

  • Non-critical errors (yellow): Permission scheme differences that do not impact how Jira Service Management works are considered as non-critical errors. You can dismiss these error messages if you do not want to use the standard permission setup.

Resolving errors

You can resolve the permission errors by changing the permission scheme yourself or using the Fix permissions button in the error message.  

What does the Fix permissions button do?

The Fix permissions button on the message disassociates your custom permission scheme with the service space, creates a copy of your permission scheme with the name of <your_permission_scheme [number]>, and associates this new scheme with the space. The new scheme fixes the errors by:

  • Granting the standard permissions to the Administrators and Service Desk Team roles, and the Service Space Customer - Portal Access security type.

  • Removing the Service Desk Customers role from all the permissions assigned.

  • Leaving other permission setup as is. 

Your original permission scheme

The new permission scheme

The name of the original one is 'Jira Service Management Permission scheme for Space OA'.

The following permissions are set up differently from the standard permission scheme:

  • User John Smith has the Browse Spaces permission. This is a minor error. 

  • The Service Desk Customers role has the Create work items permission. This is a major error. 

  • The  Service Space Customer - Portal Access security type does not have the Create Work Item permission. This is the major error. 

After you click Fix permissions, the 'Jira Service Management Permission scheme for Space OA' permission scheme is dissociated with the space, and a new permission scheme called 'Jira Service Management Permission scheme for Space OA 1' will be applied to your service space. 

  • User John Smith will still have the Browse Spaces permission.

  • The Service Desk Customers role is removed from the Create work items permission.

  • The  Service Space Customer - Portal Access security type will be granted the Create Work Items permission. 

What are critical permission errors?

Critical permission errors cause certain functionality of Jira Service Management to be disabled. 

Error

Explanation

The Administrators role does not have the following required permissions:

  • Browse Spaces

  • Administer Spaces

  • Edit Work Items

  • No Browse Spaces permission = Administrators cannot access the service desk.

  • No Administer Spaces permission = Administrators cannot modify settings of the service desk.  

  • No Edit Work Items permission = Administrators cannot edit work items.

The Service Space Customer - Portal Access security type does not have the following required permissions:

  • Browse Spaces

  • Create Work Items

  • Add Comments

  • No Browse Spaces permission = Customers cannot access the Customer Portal of the service desk, that is they cannot log in.

  • No Create Work Items permission = Customers cannot create requests on the Customer Portal.

  • No Add Comments permission = Customers cannot add comments to their requests.

The Service Desk Customers role is granted any permission directly.

Granting permissions to this role gives customers access to Jira functions. Customers should only have access to a Customer Portal and permissions should be granted to the  Service Space Customer - Portal Access security type.

As a result, administrators will not be able to add any customers to the service space. Open service spaces will become restricted. Public signup will be disabled.

The Service Desk Team role does not have the following required permissions:

  • Browse Spaces

  • Edit Work Items

  • No Browse Spaces permission = Agents cannot see the service space.

  • No Edit Work Items permission = Agents cannot edit work items.

The Service Desk Team role is granted the Administer Spaces permission.

Granting the Administer Spaces permission to your agents means that all agents become administrators for your service space.

This is a severe security work items. Jira Service Management will disable the functionality of agent management. As a result, administrators will not be able to add any agents.

Still need help?

The Atlassian Community is here for you.