Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Best practice for configurering a JIRA "dumb" user in heavy regulated organisations

Kristian Thomsen
Kristian Thomsen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 13, 2017

Hi. 

We would like to use wallboards around the organization to show relevant sprint data from JIRA 7. 

The industry have high security requirements, so it isn't possible for users to be logged in. Is there any best practice for conguring af dummy/serviceaccount user with restricted access ?

The user needs to be able to browse specific projects and access certain dashboards. It needs to be configured centrally by system administrators, since the local project administrator in theory would be able to assign the user project administrator role by a mistake. 

Kind regards.

Answer
Watch
Like Be the first to like this
632 views

1 answer

0 votes
Christoph Schötz
Christoph Schötz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 13, 2017

Hi Kristian,

if you want to avoid that project admins play around with that user in the described way it would mean that you have to assign the user directly in the permission scheme of each project and make sure that the manage project permission is never given to a role but always to groups that you control - lots of administrative overhead in my opinion. So what do you fear? You could just create a filter to look for updates made by this user and let it send you an email every hour if the user does something.

Another way could be to implement a static html page where you embed the gadgets using iframes and store the login data to access these in some encrypted way. So the user should not really be logged in in a way that you can do bad things with this user. Don't know if this is possible but it might be worth a try?

Cheers

Christoph

View More Comments
Kristian Thomsen
Kristian Thomsen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 14, 2017

Thanks for your reply.

We were asked by the security department to ensure, that the dummy user i tamper-proof. If it is up to the project administrators to assign it the right role, we will according to the security department set up a week link.

The static page would, surprise, hinder the dynamic and iterative approach to dashboard creation, so that is not an option :)

So according to you. Best practice would be to let project administrators assign the dummy user and then monitor the dummy users action by filters ?

Like
Christoph Schötz
Christoph Schötz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 14, 2017

You're welcome Kristian - yes monitoring the user with a JIRA filter which you subscribe to is the least work and provides some monitoring if the user is used by someone - of course you are not monitoring if versions are created by this user or if he deletes issues but maybe you could name the user something like "don't make me project admin"? ;) 

Cheers 

Christoph 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security