Skip to end of banner
Go to start of banner

How do permissions work? How is Jira access-controlled?

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Permissions in Jira integration+ are built into every interaction your users have with the platform. This guide provides details on how permissions work and the options available to your team.

What to know

  • Users Jira permissions are automatically respected by Jira Integration+

  • Project access can be further limited via our settings

  • We have account admin and channel admin user types

The main user is the user who initially connected your bot in Slack to your Jira instance. This user requires admin permissions in Jira to create a connection to the APIs.

The default permissions for all API calls we make to Jira are automatically limited to the access of this main user and further limited based on user authorization (see below).

Some of our customers create service accounts for these users.

User connections

The first time users interact with the app they will automatically be required to connect their Slack account with their Jira account to establish connectivity and permissions in Jira.

What to know

  • Your password is never shared with our systems

  • Every action you take in Slack (create, comment, etc) will be attributed to your account in Jira.

  • Your permissions are based on your Jira access.

You will be asked to connect your account when you perform you first action in Slack. You can also manually trigger connection by typing /jira-plus connect

  1. Click the Connect Now button in Slack

  2. Click Allow in Jira

  3. Click the button to go to the home screen in Slack.

How permissions are applied

Learn how permissions would be applied to specific scenarios with the following use cases.

Case 1: User project access equals main user

In this case the main user has access to Project FIN (Finance) in Jira and the connected user has access FIN (Finance) in Jira.

  • Result: Connected user has access FIN with the app.

Case 2: User project access less than main user

In this case the main user has access to Project FIN (Finance) in Jira and the connected user cannot access FIN (Finance) in Jira.

  • Result: Connected user cannot access FIN with the app.

Case 3: User project access more than main user

In this case the main user cannot access to Project FIN (Finance) in Jira and the connected user has access FIN (Finance) in Jira.

  • Result: Connected user cannot access FIN with the app.

    • Why? The main user is the primary connection to Jira and the apps permissions are inherited from the main user as a starting point. Every other users access is a subset of the main users access.

Case 4: User can view but not update issues in Project

In this case the connected user has VIEW access to Project FIN (Finance) in Jira but does not have UPDATE access.

  • Result: Connected user can view issues in FIN but cannot update issues in FIN.

    • Why? Users can never perform actions in the app that are not allowed in the Jira settings.

Overriding permissions with settings

If you don't want to manage access in Jira you can also restrict or allow access to specific projects in the app settings. This feature is available in your account (assuming you have administration permission).

  1. Login to your account

  2. Go to Settings under Jira Integration+

  3. Scroll to the Blocked Projects section

  4. Choose your blocking action

    1. Allowed - only projects you select will be allowed.

    2. Denied - projects you select will be denied.

  5. Click the Save button to save changes.

Changing the Main User

Changing your main account will reset your connections to Jira.

Switching the main user can cause some disruptions for your team if you are already using our platform in production. The disruption is based on the authorizations that exist in Jira for your API connection and the way OAuth works for connecting and authorizing with the APIs. If you are making this change it might be a good time to move to a service account.

The main impact for users will be requests to re-authorize their accounts.

  1. Login to Jira with the account you would like to use as your main user.

  2. Login to your account

  3. Scroll down to the Integration+ Status section

  4. Find the Main authorized user is section

  5. Click the change link

  6. Click the Allow button in Jira

  • No labels