When you use a custom permission scheme, if the permission settings are different from those of the standard permission scheme, you will see a permission error similar to the following:


Explanation of permission scheme errors

Jira Service Management considers the differences between your permission scheme and the standard Jira Service Management permission scheme as errors in the following two categories:

  • Critical errors (red): These errors either cause certain administration functionality to be disabled (for example you cannot add agents to your service project), or impact the day-to-day use of your service project (for example customers cannot log in to the Customer Portal). This table describes what Jira Service Management considers as critical errors. You cannot dismiss these error messages, as you must fix them in order for Jira Service Management to return to normal operation.  
  • Non-critical errors (yellow): Permission scheme differences that do not impact how Jira Service Management works are considered as non-critical errors. You can dismiss these error messages if you do not want to use the standard permission setup.

Resolving errors

You can resolve the permission errors by changing the permission scheme yourself or using the Fix permissions button in the error message.  

What does the Fix permissions button do?

The Fix permissions button on the message disassociates your custom permission scheme with the service project, creates a copy of your permission scheme with the name of <your_permission_scheme [number]>, and associates this new scheme with the project. The new scheme fixes the errors by:

  • Granting the standard permissions to the Administrators and Service Desk Team roles, and the Service Desk Customer - Portal Access security type.
  • Removing the Service Desk Customers role from all the permissions assigned.
  • Leaving other permission setup as is. 
Your original permission scheme
The new permission scheme

The name of the original one is 'Jira Service Management Permission scheme for Project OA'.

The following permissions are set up differently from the standard permission scheme:

  • User John Smith has the Browse Projects permission. This is a minor error. 
  • The Service Desk Customers role has the Create Issues permission. This is a major error. 
  • The  Service Desk Customer - Portal Access security type does not have the Create Issues permission. This is the major error. 

After you click Fix permissions, the 'Jira Service Management Permission scheme for Project OA' permission scheme is dissociated with the project, and a new permission scheme called 'Jira Service Management Permission scheme for Project OA 1' will be applied to your service project. 

  • User John Smith will still have the Browse Projects permission.
  • The Service Desk Customers role is removed from the Create Issues permission.
  • The  Service Desk Customer - Portal Access security type will be granted the Create Issues permission. 

What are critical permission errors?

Critical permission errors cause certain functionality of Jira Service Management to be disabled. 

ErrorExplanation

The Administrators role does not have the following required permissions:

  • Browse Projects
  • Administer Projects
  • Edit Issues
  • No Browse Projects permission = Administrators cannot access the service desk.
  • No Administer Projects permission = Administrators cannot modify settings of the service desk.  
  • No Edit Issues permission = Administrators cannot edit issues.

The Service Desk Customer - Portal Access security type does not have the following required permissions:

  • Browse Projects
  • Create Issues
  • Add Comments
  • No Browse Projects permission = Customers cannot access the Customer Portal of the service desk, that is they cannot log in.
  • No Create Issues permission = Customers cannot create requests on the Customer Portal.
  • No Add Comments permission = Customers cannot add comments to their requests.

The Service Desk Customers role is granted any permission directly.

Granting permissions to this role gives customers access to Jira functions. Customers should only have access to a Customer Portal and permissions should be granted to the  Service Desk Customer - Portal Access security type.

As a result, administrators will not be able to add any customers to the service project. Open service projects will become restricted. Public signup will be disabled.

The Service Desk Team role does not have the following required permissions:
  • Browse Projects
  • Edit Issues
  • No Browse Projects permission = Agents cannot see the service project.
  • No Edit Issues permission = Agents cannot edit issues.

The Service Desk Team role is granted the Administer Projects permission.

Granting the Administer Projects permission to your agents means that all agents become administrators for your service project.

This is a severe security issue. Jira Service Management will disable the functionality of agent management. As a result, administrators will not be able to add any agents.