Hi,
I have a Jira automation that uses a web service macro. But it uses Basic auth, you have to add your api token in it to work. As such is it true that only I would be able to run it since it uses my API token?
Hi @Saira
The rule is run dependent on the trigger configuration of the rule. So if its an event based trigger, it would run on Automation receiving that event. If it is a manual rule you can configure it so that only people in certain Jira groups can run that rule.
But the rule would always run with your API token if you have configured it so (for your basic auth use case)
If you do not want the token to be visible to other admins on the site, use the Hidden Headers feature https://community.atlassian.com/t5/Automation-articles/Automation-Hidden-headers/ba-p/2138236
You can also restrict editing of the rule by going to Rule Details and restricting who can edit the rule. Other admins would only see this rule in a read-only mode in that case.
Cheers
Agraj
Hi @Saira - no, anyone can run the Automation, but you need to understand that any actions it takes will look like they are performed by YOU.
It's good practice to create a Service Account (for example "Jira Automation") and use that to generate an API token to use, so that when users look at the history of a ticket, it is clear that changes to a ticket were carried out by Automation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Oh @Agraj Mangal makes a good point that you can limit who can run a manual rule.
And also has some good points about securing your API token.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.