If there any solution to have instance, but close some project from project administrator?
Jira administrator still can add himself to group or issue security lvl, and get access to project to some information, be we need to grant him permission to administer instance, configure workflow etc.
No, there's no way to do that, an admin is an admin, and that's global.
You can have administrators who have no project access (although they can always add themselves) which I find really useful as it hides all the noise from me!
But we can block by Nginx some url!! And its true (the same solution to close some
Security Vulnerability).
Yes Admin still can take all from API, or if he has access from db.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That would be a very poor thing to do to an admin, and will absolutely not "close" any security vulnerability.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I ask about some custom solutions to hide the project from the administrator, we need to grant for specialist permissions to administer, configure the instance, but we need to know that some of our information in saving even from Jira administrator. Bussiness needs it.
p.s. The topic of question not about vulnerability, this decision is entitled to a short term life you have a right. But topic not about it, I ask maybe somebody find the solution, css, js, some code, or even custom addon which company writes and use only for their own instance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You're going to struggle to do this - Jira does not do it off the shelf, it works on the principle that a Jira administrator is a Jira administrator and their job is to administrate the system.
If you want to limit administrators, you're going to have to remove their admin rights completely and then write your own version of the administration code that can control access in the way you want.
There are some tools in the marketplace that allow you to do some of this.
"Business needs it" is not a reason to do this. I'd suggest it's more likely that you have got too many administrators and what you really mean is that you want to get rid of most of them, just have them as "users", and allow a couple of functions to non-administrators. That is a far more simple approach.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.