A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Missing Action in the Org Audit Log?

Hannes
Hannes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 22, 2026

Hi Community,

yesterday we had login issues into Jira Cloud and later on also we experienced multiple problems in our Jira instance. There was a former user already active (Org admin) and we have the feeling, this user could have manipulate some settings. But the Jira Audit Log and the Org Audit Log do not display anything relevant from this user. Also we checked the Global Automation Log Files with any detection.

The user has been disbled, but what is possible to do for an Org admin without being logged? I tried some actions like IP allowlist or Automation Rules deleting stuff (and than delete the rule), but all actions are logged correctly. We want to know if there are security gaps we have to take care on.

Thanks a lot for your ideas.

Answer
Watch
Like Be the first to like this
37 views

1 answer

0 votes
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Community Champion
June 22, 2026

Hello Hannes,

I would be careful relying solely on the audit log, as its depth is limited on the Free plan and it primarily tracks configuration changes.

Ensure the former admin's account is fully suspended, revoke their API tokens, and check for connected third-party apps or automation rules that might still be running.

If you suspect unauthorized activity but find nothing in the logs, please raise a private ticket with Atlassian Support so they can inspect the backend session histories for you.

Best,

Arkadiusz🤠

View More Comments
Hannes
Hannes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 22, 2026

Hi!

To clarify: This is a standard edition. I do not have the feeling any action is possible without leaving some steps behind.

 

Like Arkadiusz Wroblewski likes this
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Community Champion
June 22, 2026

Then i don´t think you have any Security Gaps if User was properly Suspended.

As far as there no Exist any Shadow Admin Accounts you should be fine.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Management
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security