GDPR Compliance
There are some important changes coming to Jira Cloud that you must pay attention to. On April 29th, new changes will be made to the APIs that retrieve user information in order to comply with the new GDPR regulations. Atlassian has stated that they will continue to support the legacy user APIs for a short period of time to allow users to make the necessary accommodations. It is important that you understand these changes and take action so that your existing automation and integrations are not impacted.
What is GDPR?
GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU. This regulation governs how any business operating within the EU may handle the collection of personal data. Because of these new regulations, many businesses have had to abandon fundamental practices in favor of new methods in order to become compliant with the new laws.
What's changing?
Atlassian will be making changes to the APIs that store user information. The username and userkey attributes will be replaced with a single accountId identifier attribute. Atlassian will also make the user's email address and full name private by default. The user has the option to edit their profile and allow this information to be shared; however, these attributes may no longer be available for many users going forward.
Why does this matter?
Our whole philosophy behind SIL (Simple Issue Language) is to allow you to automate and integrate external systems with Jira in a manner that is safe from change. We believe that you should welcome new versions of the Atlassian products and be free to upgrade without refactoring existing scripts, the way you need to with other add-ons, and without fear of impacting your existing scripts in any way. We work hard to make sure SIL scripts are both forward and backward compatible and that the language is as similar as possible between server and cloud. However, despite our best efforts, the changes to the user APIs due to the GDPR regulations may require you to make modifications to your existing scripts.
How do I change my scripts?
Avoid making direct comparisons against a username or email address. Instead, add users to a special project role or group in order to qualify the current user.
Comparisons
You should no longer do this:
if(currentUser() != "admin") { return false; }
Instead, do this:
if(currentUser() != "5be24ad8b1653240376955d2") { return false; }
This method would work consistently, but it is hard to read and makes it hard to understand what the script is doing.
Or better yet, do this:
if(!isUserInRole(currentUser(), "Special Access Role")) { return false; }
By using roles and groups, you do not need to use personal information as a comparison; the script only needs to confirm the presence of the user in the role or group.
Notifications
Avoid using email addresses hard-coded in the script. Instead, custom events could be created in order to send notifications. The benefit of using custom notifications is that users can be managed on a per-project basis using the standard notification scheme.
Try not to do this:
sendEmail("", "testEmail@cprime.com", "", "testSubject.tpl", "testBody.tpl");
Instead, try this:
raiseEvent("Custom Event Name", key, currentUser());
Using events, you can send emails conditionally, since the custom event will only ever be called by the script. This method avoids the need to know the user's email address in order to send the notification.
New Features
While we cannot control what Atlassian is doing with the APIs, we want to help you as much as we can. We have added some new routines to encrypt and decrypt sensitive data that you can't live without. This will allow you to store personal information (usernames, passwords, etc.) in a more secure manner. These routines will be available in the next version.
We are here to help!
If you have any questions about these changes or run into any problems feel free to contact us at products@cprime.com.
Other routines that could be impacted
Depending on how you use the following routines, your scripts could be impacted by these API changes:
- currentUser
- currentUserKey
- currentUsername
- getUser
- getUserByEmail
- getUserByFullName
- isUserInRole
- projectMembers
- projectPM
- projectsForPM
- runAs
- userFullName
- userInGroup
- usersInGroups
- usersInRole
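
One way to find the scripts that need the changes described under "How do I change my scripts?" is to scan them for the patterns shown there and for calls to the routines listed above. The following is an added Python example, not part of Power Scripts or of the original page; the `audit` function and its regular expressions are assumptions made for illustration, and the sample input is constructed from this page's own snippets.

```python
import re

# Routines this page lists as potentially impacted by the user API changes.
IMPACTED = ["currentUser", "currentUserKey", "currentUsername", "getUser",
            "getUserByEmail", "getUserByFullName", "isUserInRole",
            "projectMembers", "projectPM", "projectsForPM", "runAs",
            "userFullName", "userInGroup", "usersInGroups", "usersInRole"]

CALL = re.compile(r"\b(" + "|".join(IMPACTED) + r")\s*\(")
# The current user compared directly against a string literal (either order).
USER_CMP = re.compile(
    r'currentUser(?:Key|name)?\s*\(\s*\)\s*[!=]=\s*"[^"]*"'
    r'|"[^"]*"\s*[!=]=\s*currentUser(?:Key|name)?\s*\(\s*\)')
# Any string literal that looks like an email address.
EMAIL = re.compile(r'"[^"@\s]+@[^"@\s]+\.[^"@\s]+"')

def audit(script_text):
    """Return (line_no, finding) tuples for one SIL script's text."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), start=1):
        if USER_CMP.search(line):
            findings.append((no, "user compared to string literal"))
        if EMAIL.search(line):
            findings.append((no, "hard-coded email address"))
        # Calls to impacted routines need review, not necessarily a change.
        for name in sorted(set(CALL.findall(line))):
            findings.append((no, "impacted routine: " + name))
    return findings

# Constructed sample input, built from the snippets on this page.
SAMPLE = '''if(currentUser() != "admin") { return false; }
if(!isUserInRole(currentUser(), "Special Access Role")) { return false; }
sendEmail("", "testEmail@cprime.com", "", "testSubject.tpl", "testBody.tpl");
raiseEvent("Custom Event Name", key, currentUser());'''

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print("line %d: %s" % (line_no, finding))
```

A literal comparison is flagged whether the string is a username or an accountId, since the page recommends roles and groups over both.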