Permissions in Jira integration+ are built into every interaction your users have with the platform. This guide provides details on how permissions work and the options available to your team.
What to know
Users Jira permissions are automatically respected by Jira Integration+
Project access can be further limited via our settings
We have account admin and channel admin user types
Connected User and Application Link
The main user is the user who initially connected your bot in Slack to your Jira instance. This user requires admin permissions in Jira to create a connection to the APIs.
The default permissions for all API calls we make to Jira are automatically limited to the access of this main user and further limited based on user authorization (see below).
Some of our customers create service accounts for these users.
User connections
The first time users interact with the app they will automatically be required to connect their Slack account with their Jira account to establish connectivity and permissions in Jira.
What to know
Your password is never shared with our systems
Every action you take in Slack (create, comment, etc) will be attributed to your account in Jira.
Your permissions are based on your Jira access.
You will be asked to connect your account when you perform you first action in Slack. You can also manually trigger connection by typing /jira-plus connect
Click the Connect Now button in Slack
Click Allow in Jira
Click the button to go to the home screen in Slack.
How permissions are applied
Learn how permissions would be applied to specific scenarios with the following use cases.
Case 1: User project access equals main user
In this case the main user has access to Project FIN (Finance) in Jira and the connected user has access FIN (Finance) in Jira.
Result: Connected user has access FIN with the app.
Case 2: User project access less than main user
In this case the main user has access to Project FIN (Finance) in Jira and the connected user cannot access FIN (Finance) in Jira.
Result: Connected user cannot access FIN with the app.
Case 3: User project access more than main user
In this case the main user cannot access to Project FIN (Finance) in Jira and the connected user has access FIN (Finance) in Jira.
Result: Connected user cannot access FIN with the app.
Why? The main user is the primary connection to Jira and the apps permissions are inherited from the main user as a starting point. Every other users access is a subset of the main users access.
Case 4: User can view but not update issues in Project
In this case the connected user has VIEW access to Project FIN (Finance) in Jira but does not have UPDATE access.
Result: Connected user can view issues in FIN but cannot update issues in FIN.
Why? Users can never perform actions in the app that are not allowed in the Jira settings.
Overriding permissions with settings
If you don't want to manage access in Jira you can also restrict or allow access to specific projects in the app settings. This feature is available in your account (assuming you have administration permission).
Login to your account
Go to Settings under Jira Integration+
Scroll to the Blocked Projects section
Choose your blocking action
Allowed - only projects you select will be allowed.
Denied - projects you select will be denied.
Click the Save button to save changes.
Changing the Main User
Changing your main account will reset your connections to Jira.
Switching the main user can cause some disruptions for your team if you are already using our platform in production. The disruption is based on the authorizations that exist in Jira for your API connection and the way OAuth works for connecting and authorizing with the APIs. If you are making this change it might be a good time to move to a service account.
The main impact for users will be requests to re-authorize their accounts.
Login to Jira with the account you would like to use as your main user.
Login to your account
Scroll down to the Integration+ Status section
Find the Main authorized user is section
Click the change link
Click the Allow button in Jira