Customers not added to a restricted service project can see the portal
Platform Notice: Cloud Only - This article only applies to Atlassian apps on the cloud platform.
Summary
Customers can view a project in the JSM portal, even when they are not added as a "Customer" and portal access is set to "Restricted."
Solution
Remove Browse Project permissions granted to custom field values
If Channel Access is set to restricted and the customer is not added under Project > Customers, then validate the project permissions.
Navigate to Project Settings > Permission
Check if the Browse Project permission is granted for either "User custom field value" OR "Group custom field value"
If the Browse Project permission is granted to these values, remove them from the Browse Project permission
After removing these permissions, the portal should no longer be visible to the customer.
Known bug with the Browse Project permission
If the permission scheme grants the "Browse Project" permission to a "User custom field value" OR "Group custom field value" field, the portal will be visible to the user.
This occurs even if the user is not the user, or a member of the group, listed on the permission.
Please refer to JSDCLOUD-8167: "Browse Project" permission set for Reporter overrides the customer permission that results the project getting exposed in the customer portal
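The permission check from the Solution steps can be applied to every permission scheme at once. The following is an added example, not Atlassian's code: it filters a permission-scheme listing for Browse Projects grants held by custom field values. It assumes the JSON shape returned by Jira Cloud's GET /rest/api/3/permissionscheme?expand=permissions; the sample data, the function name and the extra_holder_types parameter are constructed for illustration.

```python
import json

# Holder types the article says to remove from the Browse Projects permission.
RISKY_HOLDERS = {"userCustomField", "groupCustomField"}

# Constructed sample, shaped like the body of
# GET /rest/api/3/permissionscheme?expand=permissions (ids and names are made up).
SAMPLE_RESPONSE = json.loads("""
{"permissionSchemes": [
  {"id": 10001, "name": "Restricted JSM scheme (constructed)", "permissions": [
    {"id": 1, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "projectRole", "parameter": "10002"}},
    {"id": 2, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "userCustomField", "parameter": "customfield_10050"}},
    {"id": 3, "permission": "CREATE_ISSUES",
     "holder": {"type": "groupCustomField", "parameter": "customfield_10060"}},
    {"id": 4, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "reporter"}}
  ]},
  {"id": 10002, "name": "Clean scheme (constructed)", "permissions": [
    {"id": 5, "permission": "BROWSE_PROJECTS",
     "holder": {"type": "applicationRole"}}
  ]}
]}
""")


def find_exposing_grants(response, extra_holder_types=()):
    """Return (scheme name, grant id, holder type, parameter) for each Browse
    Projects grant held by a custom field value. extra_holder_types is a
    hypothetical knob, e.g. ("reporter",) to cover the linked bug's title."""
    flagged_types = RISKY_HOLDERS | set(extra_holder_types)
    findings = []
    for scheme in response.get("permissionSchemes", []):
        for grant in scheme.get("permissions", []):
            holder = grant.get("holder", {})
            if (grant.get("permission") == "BROWSE_PROJECTS"
                    and holder.get("type") in flagged_types):
                findings.append((scheme["name"], grant["id"],
                                 holder["type"], holder.get("parameter")))
    return findings


if __name__ == "__main__":
    for name, grant_id, htype, param in find_exposing_grants(SAMPLE_RESPONSE):
        print(f"{name}: remove grant {grant_id} ({htype} {param})")
```

Grants of other permissions to a custom field value (grant 3 in the sample) are not reported, because the article ties portal visibility to Browse Projects only.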