Hello fellow Atlassian peoples!
We are looking to implement an HR portal that will handle personnel action requests. As such, this portal will contain sensitive data, so we are wondering what our options are to restrict or set up a silo database. Has anyone done so?
Any help would be greatly appreciated!
You don't do it in the database - Jira needs full access to the whole of its datastore in order to work.
But Jira does enable you to restrict projects and even issues in many ways. Have a look at the permission schemes, and issue security schemes as a starting point.
Hi Nic! Thanks for the reply - the restriction within JIRA is not an issue, we would only grant access to the HR team and I would step in to troubleshoot as needed by re-adding myself to the admin role for the project (if needed).
The issue is around compliance/security of employee data... essentially our database admins should not be able to get to the information, hence why we were wondering how that could be accomplished for the database.
@Nic Brough [Adaptavist], as you may recall there was a similar thread a few weeks back. Unfortunately the system admin will always have access. The only thought I had was to use encryption on attachments, but that would have to be applied outside of Jira. Moreover, this would only be for attachments, so if data in the fields were sensitive, e.g. having a Salary field, that would not be encrypted. I’m unsure if there are any suggestions posed to Atlassian to handle encrypted data w/in the application. I would be interested in knowing how this is handled by HR systems, e.g. Workday and others. I would have to imagine the system admin would still have access.
@Rose Sahagun, probably not the answer you were hoping for.
Yeah :/ I was looking at the encrypted plugin as it mentioned the encryption is in the DB and file system.
We were also looking into just having HR use Jira Service Desk in the cloud, but we need to have the nfeed plugin or something similar to kick off approvals based on ADP hierarchy.
The same applies, exactly as @Jack Brickey suggests - your administrators will always be able to get to the data. It doesn't matter what encryption you place on it, if a system can serve it up to a user, a Jira admin can get access to it.
An encrypted database would make it very hard for the DBAs to get there, which might be good enough? I've seen this done with Jira in a couple of places, but I'm not clear on the details of how they did it.