During initial setup of both JIRA and Confluence, the applications obviously require database accounts with the permissions to create database object. After the setup has been completed, do these accounts continue to require these database object permissions? Can the account permissions be reduced to select/delete/update? This comes with the understanding that upgrades, installation of additional add-ons, or other system admin changes may require these elevated permissions temporarily.
The reason I am asking is that my company's security policy does not allow process accounts to have DB object permissions without an exception.
Specifically, I am using Oracle for both JIRA and Confluence.
Any time you upgrade or install a new add-on it may make changes to the database. Typically plugins are supposed to use our Active Objects way of storing data in the database - this means they can make changes during upgrade or installation, as tables will need to be created and optionally changed during upgrade dependent on upgrade tasks.
They can be reduced after you install JIRA, however any time you go to upgrade or install a new plugin those permissions may need to be added again (it depends on how the plugin stores data in the database).
Depending on the plugin, it may or may not be able to safely recover from failed database operations during upgrade / installation. So this means that potentially if the permissions aren't available, and the plugin is installed / updated, it may corrupt the installation. This means you may need to restore an XML backup to get the data back into an expected state.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot