API access without admin account

Is there any way to give and application API access to JIRA with giving them an admin account? Is there a way to limit the account so it can not be used to log into JIRA directly?

We are trying to control who has admin access to our JIRA instance to prevent unexpected/unwanted changes to our JIRA configuration. Once we give out an admin account for use in API scripting, we have no way of controling who has access to the account name and password. How do we mitigate the risk?

1 answer

1 accepted

0 votes
Answer accepted

I'm not sure what you mean by "API Access".

You don't need to give out admin accounts for REST/SOAP - they respect the users permissions, and don't need admin access at all. Unless you're doing admin stuff with them.

If by "API", you mean the internal stuff, then you need admin rights to install plugins, but not to use them (or even write them)

Nic,

I am told the issue is with getCustomFields()

My user is using SOAP to conncect Perforce to JIRA via a Perforce plugin.

Ok. You don't need admin access to use SOAP, or that call. Just use an unprivileged account.

Nic,

An error is being thrown when they try to run the service:

Version:1.0 StartHTML:0000000149 EndHTML:0000006087 StartFragment:0000000199 EndFragment:0000006053 StartSelection:0000000199 EndSelection:0000006053 Jan 24, 2013 9:42:59 AM com.perforce.p4dtg.plugin.jira.soap.RequestHandler initDefectBatch
INFO: JIRA query batch size is set to: 100
Jan 24, 2013 9:43:00 AM org.apache.axis.utils.JavaUtils isAttachmentSupported
WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
Jan 24, 2013 9:43:04 AM com.perforce.p4dtg.plugin.jira.soap.BaseHelper getCustomFieldsMap
SEVERE: com.atlassian.jira.rpc.exception.RemotePermissionException: Remote custom fields can only be retrieved by an administrator.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: com.atlassian.jira.rpc.exception.RemotePermissionException: Remote custom fields can only be retrieved by an administrator.
faultActor:
faultNode:
faultDetail:
{}com.atlassian.jira.rpc.exception.RemoteException:null
{http://xml.apache.org/axis/}hostname:(redacted)

com.atlassian.jira.rpc.exception.RemotePermissionException: Remote custom fields can only be retrieved by an administrator.
.

.

.

.


Ah, I see, it's trying to get the list of custom fields, it's not just working with issues.

You need to adjust the plugin so that it stops asking for the list.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published 15 hours ago in Opsgenie

Getting the Most out of Atlassian and Opsgenie Together

We’re excited to invite you to this action-packed webinar where we will demonstrate how to integrate Opsgenie’s powerful alerting and on-call management tools with your entire Atlassian stack. Mar...

19 views 0 0
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you