How do you silo JIRA database/restrict view of approvers on customer ticket for HR projects Edited

Hello fellow Atlassian peoples!

We are looking to implement an HR portal that will handle personnel action requests, as such this portal will contain sensitive data so we are wondering what our options are to restrict or set up a silo database ? has anyone done so? 

Any help would be greatly appreciated!

Thank you, 


1 answer

0 votes

You don't do it in the database - Jira needs full access to the whole of its datastore in order to work.

But Jira does enable you to restrict projects and even issues in many ways.  Have a look at the permission schemes, and issue security schemes as a starting point.

Hi Nic! thanks for the reply - the restriction within JIRA is not an issue, we would only grant access to the HR team and I would step in to troubleshoot as needed by re-adding myself to the admin role for the project (if needed)

The issue is around compliance/security of employee data...essentially our database admins should not be able to get to the information and hence why we were wondering how that could be accomplished for the database. 

Jack Brickey Community Champion Sep 28, 2017

@Nic Brough [Adaptavist], as you may recall there was a similar thread a few weeks back. Unfortunately the system admin will always have access. The only thought I had was to use encryption on attachment but that would have to be aplies outside of Jira. Moreover, this would only be for attachments so if dat in the fields were sensitive, e.g having a Salary field, that would not be encrypted.  I’m unsure if there is any suggestions posed to Atlassian to handle encrypted data w/in the application. I would be interested in knowing how this is handled by HR systems, e.g. Workday and others. I would have to imagine the system admin would still have access. 

@Rose Sahagun, probably not the answer you were hoping for. 

Yeah :/ I was looking at the encrypted plugin as it mentioned the encryption is in the DB and file system.

We were also looking into just having HR use jira service desk in the cloud but we need to have the nfeed plugin or something similar to kick off approvals based on ADP hierarchy. 

The same applies, exactly as @Jack Brickey suggests - your administrators will always be able to get to the data.   It doesn't matter what encryption you place on it, if a system can serve it up to a user, a Jira admin can get access to it.

An encrypted database would make it very hard for the DBAs to get there, which might be good enough?  I've seen this done with Jira in a couple of places, but I'm not clear on the details of how they did it.

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Dec 06, 2018 in Jira Service Desk

Looking for teams who switched from email to Jira Service Desk

The Jira Service Desk marketing team is working on a guide to help new Atlassian customers switch from email to JSD and we'd love to hear from you! Please share: - What made you realize that i...

827 views 6 10
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you