can we restrict a project administrator from accessing the "Project permissions" page

Rathan Kumar May 30, 2017

Hi,

in our firm we are having a model of managing user access using AD groups.

adgroup_adm- admin

adgroup_rw -read/write

adgroup_ro -read only.

the admin however has full control of the project we have seen misusing of permissions by adding individual users(this is linked to AD) to the repositories or project itself without notifying compliance department. even though these actions are logged, it is hard to monitor if other users are doing this kind of addition/deletion without compliance's knowledge.

so my question, is there a way to restrict project admins from editing the project permissions and repository permissions. but allowing only branch permissions and creating of repositories.

 

or is there a way to get notification everytime a user or AD group to added to any of the project. something like setting up automated email a new AD group is added or removed a email notification to be sent to system admins, so that we know to inform the users hwo did this.

 

Kindly let me know your answers.

Thanks

2 answers

1 accepted

0 votes
Answer accepted
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 2, 2017

Hi Rathan,

If you grant someone project admins permissions they'll be able to edit project and repository permissions, as you can see in the chart at Using project permissions. It's not possible to modify that. There's already a Feture request for that at BSERV-8765.

Regarding notifications, this is not a built-in feature but you can submit a feature request at jira.atlassian.com. I tried searching for a plugin in the Marketplace but so far didn't find one, you might want to create a custom one

Hope this helps!

Ana

0 votes
Warren February 15, 2019

It's not the cleanest way, but if you put apache in-front, you can block certain URL's to prevent access to the panels for project and repository permissions.

{code}
RewriteEngine On
RewriteRule "^/projects/([A-Z0-9]+)/(settings|permissions)$" "/plugins/servlet/branch-permissions/$1" [R=temporary]
RewriteRule "^/projects/([A-Z0-9]+)/repos/([A-Za-z0-9\-\.\_]+)/permissions$" "/plugins/servlet/branch-permissions/$1/$2" [R=temporary]
{code}

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events