Hi, I am trying to use the Terraform provider to programmatically manage Atlassian Operations / Jira Service Management (Cloud). I want to create a dedicated user for issuing the necessary API token and, to adhere to the principle of least privilege, I wanted to know what level of admin role this dedicated user would need to create the resources the provider supports. The docs of the Terraform provider only state "This must be an admin account." [1].
I read on https://support.atlassian.com/jira-service-management-cloud/docs/work-with-operations-global-admin/ that there are two types in JSM: Product admin and Operations global admin. So my question is: What admin role does the user who issues the API token for the Terraform provider need to have?
Thanks in advance!
I’m not familiar with Terraform, but from what I understand, if you want to use the Terraform provider to manage Jira Service Management Cloud, especially the operational features like teams, alerts, schedules, and integrations, the API token you use must come from a user with admin privileges for those operations. There are two roles that qualify: Operations Global Admin, which can manage operational features within Jira Service Management Cloud such as teams, alerts, schedules, and integrations, and Jira Product Admin, which has all the Operations Global Admin permissions plus full admin rights across Jira.
Because, as far as I can tell, Terraform manages operational resources, the user needs to be at least an Operations Global Admin. Having Jira Product Admin rights also works but gives more access than necessary.
Also, API tokens reflect the permissions of the user who created them. There aren’t special system tokens, so the best practice is to create a dedicated service account with the proper admin role and use its API token. Keep in mind that API tokens expire after one year, so you’ll need to rotate them regularly.
Hope this helps!