Manage how people access your team-managed service space
This page is for team-managed spaces
Read about the difference between company-managed and team-managed spaces
You can't edit space permissions or roles on the Free plan for Jira Cloud, and you can't configure work-level security on any Free plan (including Jira Service Management).
Find out more about how space permissions work in Free plans. To take advantage of Jira’s powerful space permission management features, upgrade your plan
In team-managed spaces, any permission or access you want to give people in your space is controlled on the Access page. Here you can add internal collaborators and team members to your team-managed service space, give them a role, and start working together to resolve customer requests.
This page shows:
The list of people who have access to your space. More on how to add people to your space
The role they have in your space.
To get there, from your space’s sidebar, select Service space settings, then Access.
You must have the administrator role in your space to do the things described on this page.
Set the internal access level of your team-managed service space
Team-managed service spaces can be private, just between your team and your customers. Or, they can be open for anyone else working inside your Jira site to see. We recommend keeping your work open and accessible.
But, if you want to restrict who can access your service space and what they can do in it, you can change your space’s access.
To change your service space’s internal access:
From your space’s sidebar, select Service space settings, then Access.
Under Space access, select Change internal access.
Choose the level of access you want to give and select Change.
Your service space’s internal access level sets who can search, view, and add notes to the service space and its customer requests, when they’ve logged into your Jira site.
Internal access does not affect how customers access and submit requests to your service team, either through email or the customer portal. To change how customers access your service team, read more about setting customer permissions
Team-managed service spaces have two, simple internal access levels:
Open. When a service space is open, anyone who logs into your Jira site (not the customer portal) can view and add internal notes to your space’s customer requests. With this access level, Jira Service Management gives anyone who logs into your Jira site the Agent role in your service space. Only people who have both the Agent role and product access to Jira Service Management can communicate with customers and resolve requests.
Private. When a service space is private, only Jira admins and people added to the service space can see it or its requests in search results.
Jira administrators (anyone with the Administer Jira global permission) always have access to your service space’s settings.
Your service space’s access level sets general permissions for people with internal access to you Jira site. You can give specific access or additional permissions to individual people by creating your own roles.
Understand roles
In real life, people play different roles in your service team. Your team may have an IT manager who reports on your team’s progress, or you may work with consultants or contractors.
In Jira Service Management, roles allow you to fine-tune how people internally access and interact with your service space. Different roles may need a limited amount of access to the content of your team’s work. Or, you might want to limit what they are able to do in your service space. For example, you may want to allow only your team’s IT manager to create the queues that your agents work on. Or, you might want to prevent a consultant from changing a request’s status.
Team-managed service spaces come with three roles by default. They’re our recommendation for the parts people play in simple, straightforward service teams:
Administrator. Admins can do most things, like update settings and add other admins to the service space. They can customize request types, manage features like embeddable widgets, and add automation rules to customer requests. Admins need product access to Jira Service Management to get the full benefit of this role.
Agent. Agents are your service team. They can communicate with customers, and edit and resolve customer requests. Agents need product access to Jira Service Management to get the full benefit of this role.
Viewer. Viewers can search through and view work items in your space, but not much else. You can give any registered user on your site this role without extra product access. This means if they have access to either Jira Software or Jira Work Management, they can collaborate with your service agents internally without any added cost.
You can create your own roles to further customize people’s internal access to your service space. Read more about creating roles below.
While customers play a distinct role in your service space, you should manage their access on the Customers page. Keep in mind that any people you add to the Internal access page will be able to see what your agents see. People you add to the Customers page will only see the customer portal. Read about customers and customer permissions
Change a person’s role in your team-managed service space
In addition to your service space’s internal access level, you can use roles to manage people’s permissions in your service space.
To change the roles assigned to a person or group in your service space:
From your space’s sidebar, select Service space settings, to Access.
In the person's entry on the table, select the Role drop down menu.
Tick the boxes next to the roles you want the person to have.
When you give someone a role, remember that they also inherit the role given by your service space’s internal access level:
In Open spaces, everyone with internal access to your Jira site is given the default Agent role. Only people with product access to Jira Service Management can communicate with customers.
In Private spaces, only Jira admins and people you add to the space have a role.
Team-managed service spaces come with the following default roles:
Administrator. Admins can do most things, like update settings and add other admins to the service space. They can customize request types, manage features like embeddable widgets, and add automation rules to customer requests.
Agent. Agents are your service team. If they have product access to Jira Service Management, they can communicate with customers, and edit and resolve customer requests.
Viewer. Viewers can search through and view customer requests in your service space. They can add internal notes, but they can’t communicate with customers. Typically, viewers are collaborators who can work with agents internally on your Jira site to resolve a customer’s request. For example, your system admin who needs to give a customer permission to a service, or a manager who might need to approve a purchase order.
View a role's permissions
To see the set of permissions granted to a particular role in your space:
From your space’s sidebar, select Space settings, to Access.
Select Manage roles.
Select the role whose permissions you want to view.
Read the details of each available permission
Create a role in your team-managed service space
Team-managed service spaces allow you to fine-tune the internal access you give to people to your team’s work. You can create roles to customize the permissions you grant to certain people or groups.
To create a role and customize it’s permissions:
From your space’s sidebar, select Service space settings, then Access.
Select Manage roles.
Select Create role.
Give the role a name and a description.
Select the permissions that people in the role should have. More about permissions
Select Create.
When you add someone to a role, remember that they also inherit the role given by your service space’s internal access level:
In Open spaces, everyone with internal access to your Jira site is given the default Viewer role.
In Private spaces, only Jira admins and people you add to the space have a role.
Some permissions require product access to Jira Service Management
If you add people to a role that grants these permissions, make sure they have access to Jira Service Management. If not, they may encounter access problems and won’t get the full benefit of the features you intended them to use.
Only your site admin can grant individuals product access to Jira Service Management. Read more about product access
Duplicate a role and its permissions
As your team matures, you might find slight differences in closely related roles on your team. Rather than recreate these roles from scratch in your service space, you can use an existing role as a starting point.
To duplicate a role:
From your space’s sidebar, select Service space settings, then Access.
Select Manage roles.
Locate the role you want to duplicate and select Duplicate ()
Adjust the role’s name and description.
Review the permissions that people in the role should have. More about permissions
Select Create.
Edit a role and its permissions
People’s roles on your team naturally change. Over time, you may want give people in a certain role more power in your service space, or limit what they can do.
To edit the set of permissions granted to a particular role in your service space:
From your space’s sidebar, select Service space settings, then Access.
Select Manage roles.
Select the role whose permissions you want to edit.
Select the permissions that people in the role should have. More about permissions
Select Update.
Any permission updates you make apply to everyone who has the role in your service space.
You can’t edit the roles that come with Jira Service Management by default. However, you can duplicate them to use them as a starting point for a new role in your service space.
Delete a role
You can delete a role if you no longer need it in a team-managed space. For example, if you have two roles - lead and manager - that have the same permissions, you can delete one of these roles.
To delete a role:
From your space’s sidebar, select Service space settings, then Access.
Select Manage roles.
Find the role you want to delete and select Delete ()
You can’t delete the default Administrator, Agent, or Viewer roles that come with your service space.
Deleting a role in a team-managed space may impact
Notifications. More about notifications in team-managed spaces
Workflow rules. More about workflow permissions in team-managed spaces
If you change your mind later, you will have to recreate the above for the role.
Deleting a role doesn’t remove people with that role from the service space. More about removing people
Was this helpful?