Customize Jira Service Management permissions

If you want to customize the permission scheme for your service desk, make sure that you grant permissions to users by granting them:

• to the Administrators role for administrators

• to the Service Desk Team role for agents

• to the Service Desk Customer - Portal Access security type for customers. 

If you grant permissions to groups or individual users instead of the roles and security type, some functionality in your service space might be disabled.

Mandatory permissions by space roles

If you choose to use custom permission schemes, the permissions in the following table are mandatory for the space roles in the typical service desk context. If you configure the permissions for the roles differently than shown in the table and run into problems, you can find the explanation of the problems and how you can fix them on Resolving Jira Service Management permission errors.

Mandatory permissions for the space role: Administrators

This space role must have the Administer spaces permission in order to set up and administer a service desk. This permission allows users to manage service desk functionality like creating new request types, setting up new queues, creating SLAs, and generating reports.

This space role also must have all the permissions granted to the other users of the service desk in order to see all the functionality they'll be using.

Mandatory permissions for the space role: Service Desk Team (agents)

• Create work items (This permission gives users the ability to create work items in a portal.)

• Browse spaces (This permission gives users read-only access to the Reports, People, and SLA tabs in a service desk space, as well as access to the space's portal. Users can also see the Queues tab and work on work items from within the queues.)

• Edit Work Items

• Schedule Work Items

• Add Comments

• Create Attachments

Mandatory permissions for the space role: Service Desk Customers

The permissions for customers must be granted to the Service Desk Customer - Portal Access security type, not the Service Desk Customers role. The Portal Access security type lets customers access the portal, but not Jira. The security type reads the role to determine who are customers.

• Create Work Items (Customers can create requests and view requests they have submitted via the portal)

• Browse spaces (Customers can access the space in the portal)

• Add Comments (Customers can comment on their requests.)

• Create Attachments (Customers can add attachments to their requests)

• Assign Work Items (This permission is mandatory for the Assignee field to work. The Assignee field is an optional hidden field and it automatically channels work items to certain team members.)

In addition, if the service space uses a work item security scheme, make sure that it is configured so that service desk users can view work items. Otherwise, customers might be able to create work items but not view them after they've been created. See Configuring work-level security.