share issue only with users that have JIRA access

Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

Hello,

we have about 28000 Users in our Active Directory. Users with access to JIRA are less than 100.

When I share an issue, the list of the uses contains all 28k.
How can I change JIRA, so that this list only contains users that have JIRA access?

1 answer

0 votes
Stefan Arnold
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

When you use Active Directory as Jira User Directory you can use ldap filter to get only the user that have access to jira.
How do you grant you 100 User access to Jira?

In our case our jira users are members of active directory groups (jira-core-users and jira-software-users). we have also alot of users that dont have access to jira.
So i have created a filter to get only the user that are in the above mentioned groups. LDAP filter looks like this:

"ldap.user.filter": "
(&(objectCategory=Person)(sAMAccountName=*)
(|(memberOf:1.2.840.113556.1.4.1941:=cn=jira-core-users,OU=jira,OU=ourMainOU,DC=ourCompanyDc)
(memberOf:1.2.840.113556.1.4.1941:=cn=jira-software-users,OU=jira,OU=ourMainOU,DC=ourCompanyDc)))"

(the number behind membersOf is the LDAP matching rule OID, google it for more information)
that query has to be entered in your ad-settings in Jira in the user schema settings part in "User Object Filter":

jira_ldap_user.png

I would also give you a link to jira documentation but its not working today. so i hope this is enough help

Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

Thanks Stefan.
But for this solution I need our IT, because they have to create & manage the LDAP Group.


Now, as JIRA Admin, I set these groups manually (Read Only, with Local Groups):
https://confluence.atlassian.com/display/AdminJIRAServer071/Connecting+to+an+LDAP+directory

Stefan Arnold
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

Then i need more information how you "share" issues.
Do you mean that you add them as watchers or what are you doing to "share"?

Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017
Stefan Arnold
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

Iam sure you cant restrict this feature in a simple way.
The clean way would be to import only the 100 Jira Users from Active Directory. Talk to your IT, its should not be a big effort and will make you work much easier in future.

Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 3, 2017

But then, I always need the IT, when I want do add a user to JIRA.

This means additional IT tickets and waiting time I don't need  ;)

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events