For JSM Customer user how to check request/issue access permissions

Hi. We have a need to verify a JSM “customer” user has access to a specific issue/requestId from the JSM/Platform REST API. This is to perform security enforcement to verify the context of backend calls the user has permission to see.

For non-JSM projects and regular users we use the standard platform Permissions Check API to verify the user can see the specific issue (e.g. BROWSE_PROJECT and issueId access).

However, this API does not appear to work for customer users. It returns no Browse/Edit access to issues that the customer user can actually see in the portal.

Appreciate any guidance on how to enforce this issue/request access security check from a connect app that does not have RUN_AS_USER.

Thank you
Chris

Hello @Chris_at_DigitalRose ,

I have not used a JSM-specific API to do the permission checks (like the one you linked). Having said that, do you think something like Get customer request by ID can help - a 200 means the customer has permission, while a 403 means the user does not? Might not be as clean as the permission check, but might be a viable workaround for your use case.

Cheers,
Ian

Thank you for the idea. That API would work client side, but not server side, as the server API authenticates to Jira as the app user, not the JSM customer…

Chris