How do you silo JIRA database/restrict view of approvers on customer ticket for HR projects

Rose Sahagun September 27, 2017

Hello fellow Atlassian peoples!

We are looking to implement an HR portal that will handle personnel action requests, as such this portal will contain sensitive data so we are wondering what our options are to restrict or set up a silo database ? has anyone done so? 

Any help would be greatly appreciated!

Thank you, 

Rose 

1 answer

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 27, 2017

You don't do it in the database - Jira needs full access to the whole of its datastore in order to work.

But Jira does enable you to restrict projects and even issues in many ways.  Have a look at the permission schemes, and issue security schemes as a starting point.

Rose Sahagun September 28, 2017

Hi Nic! thanks for the reply - the restriction within JIRA is not an issue, we would only grant access to the HR team and I would step in to troubleshoot as needed by re-adding myself to the admin role for the project (if needed)

The issue is around compliance/security of employee data...essentially our database admins should not be able to get to the information and hence why we were wondering how that could be accomplished for the database. 

Jack Brickey
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 28, 2017

@Nic Brough -Adaptavist-, as you may recall there was a similar thread a few weeks back. Unfortunately the system admin will always have access. The only thought I had was to use encryption on attachment but that would have to be aplies outside of Jira. Moreover, this would only be for attachments so if dat in the fields were sensitive, e.g having a Salary field, that would not be encrypted.  I’m unsure if there is any suggestions posed to Atlassian to handle encrypted data w/in the application. I would be interested in knowing how this is handled by HR systems, e.g. Workday and others. I would have to imagine the system admin would still have access. 

@Rose Sahagun, probably not the answer you were hoping for. 

Rose Sahagun September 28, 2017

Yeah :/ I was looking at the encrypted plugin as it mentioned the encryption is in the DB and file system.

We were also looking into just having HR use jira service desk in the cloud but we need to have the nfeed plugin or something similar to kick off approvals based on ADP hierarchy. 

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 28, 2017

The same applies, exactly as @Jack Brickey suggests - your administrators will always be able to get to the data.   It doesn't matter what encryption you place on it, if a system can serve it up to a user, a Jira admin can get access to it.

An encrypted database would make it very hard for the DBAs to get there, which might be good enough?  I've seen this done with Jira in a couple of places, but I'm not clear on the details of how they did it.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events