Hello,
I'm running JIRA Software & Service Desk on the same server and am looking at creating a JIRA Service Desk Project that will allow public sign-up.
JIRA Internal Directory is in use.
I'm wanting to mitigate the risk of a public customer being accidentally assigned to a JIRA Group that would give them access to our internal Software and Business projects.
Any suggestions or experiences appreciated.
Thanks,
Andrew
Putting a person in the wrong group is nothing you can mitigate against in software. A human chose to put them in the wrong group, the human should not have done that. The computers can only do what they're told.
The suggestions are all around process - record and audit all requests for user changes. Lock it down where you can (although there's not a lot you can do with the internal directory - you have to trust your admins to get it right). Regularly report on permissions and who has them. And make sure your admins are a small team, well trained, well educated on the risks of getting it wrong (and understanding it IS their fault if it fails), and they collaborate tightly.
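An added example, not part of the answer above and not Atlassian code: one way to automate the "regularly report on permissions" and "audit all requests for user changes" steps over two membership snapshots. The group names, e-mail domain, snapshot shape and approval log are assumptions built for illustration; how the snapshots are exported from your Jira instance is left out.

```python
# Added example: constructed data; group names and domain are assumptions.
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example.com"}  # assumption: staff e-mail domain(s)
INTERNAL_GROUPS = {"jira-software-users", "jira-administrators"}  # assumption

@dataclass(frozen=True)
class Member:
    username: str
    email: str

def external_in_internal_groups(membership):
    """(group, username) for members of internal groups whose e-mail domain is not internal."""
    findings = []
    for group in sorted(INTERNAL_GROUPS & membership.keys()):
        for m in sorted(membership[group], key=lambda m: m.username):
            # A missing or malformed address yields a non-matching domain, so it is flagged.
            domain = m.email.rsplit("@", 1)[-1].lower()
            if domain not in INTERNAL_DOMAINS:
                findings.append((group, m.username))
    return findings

def unapproved_additions(previous, current, approved):
    """(group, username) added since the previous snapshot with no approved request on record."""
    findings = []
    for group in sorted(current):
        before = {m.username for m in previous.get(group, ())}
        for m in sorted(current[group], key=lambda m: m.username):
            if m.username not in before and (group, m.username) not in approved:
                findings.append((group, m.username))
    return findings

# Constructed snapshots of group membership from two audit runs.
alice = Member("alice", "alice@example.com")
PREVIOUS = {"jira-software-users": [alice], "jira-administrators": [alice]}
CURRENT = {
    "jira-software-users": [alice, Member("bob", "bob@example.com"),
                            Member("cust42", "pat@customer.test")],
    "jira-administrators": [alice, Member("carol", "carol@example.com")],
}
APPROVED = {("jira-software-users", "bob")}  # constructed change-request log

if __name__ == "__main__":
    print("external:", external_in_internal_groups(CURRENT))
    print("unapproved:", unapproved_additions(PREVIOUS, CURRENT, APPROVED))
```

The first check catches a public customer in an internal group regardless of how they got there; the second also catches internal staff added without a recorded request.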