Is it possible to restrict non-admin users from connecting marketplace apps?

Elizabeth Oxton July 14, 2021

Hey Everyone!,

Just curious if anyone might be able to confirm: is it currently not possible to prevent team members from connecting to apps in the marketplace? We recently had a team member connect to a free app (largely harmless) but doing so authenticated for that app to have a lot of read-scope over a lot of data. This was able to be connected and installed through the marketplace without an admin's approval. Can this be prevented?

This happened in our Jira (cloud) instance.

It looks like this Confluence article (https://confluence.atlassian.com/upm/configuring-marketplace-connectivity-306350947.html) hints that maybe disabling the UPM (turning the UPM to offline mode) would disable the marketplace.

Can this also be done for Jira or only Confluence?
Does disabling the UPM disable already installed apps or only updates and new installations?

Any insight would be appreciated! Thankfully we can just disable this app and all's likely fine. But we'd like to control who has the ability to install apps going forward...

2 answers

1 accepted

1 vote
Answer accepted
Rachit Singhal
Rising Star
August 17, 2023

Hi @Elizabeth Oxton,

I think you are talking about the connected apps.

If yes, here is the solution to your problem. Log in to your Jira with Org admin permission. Navigate to User Management and go to Products, then go to "Connected apps" under Site Settings; there you will find the apps installed by the user. You can uninstall the apps that you want by managing each app and to prevent this in future, you can go to settings and "Block user apps" permission.

Please let me know if you still face any issue.

Thanks,

Rachit Singhal

Elizabeth Oxton August 17, 2023

Hey Rachit! At the original time of this post there was no "Block user apps" option in the settings. But it was added a few weeks/months after. You're totally right and this is the correct solution for anyone looking in the future! Forgot to come back and edit this post, thanks for posting the solution for everyone :) 

Rachit Singhal
Rising Star
August 17, 2023

Thank you Elizabeth for bringing more clarity on it. 

0 votes
Jack Brickey
Community Leader
July 14, 2021

Users in the Basic role cannot add apps. Users with Trusted or Administration roles can. This is managed under User Management admin.

Elizabeth Oxton July 15, 2021

Hey Jack!,
Thanks so much for responding.

This user is in the basic role. :(

I reviewed our audit log as well and there's been no updates to their permissions since the license activated -- like they were never put in a group that had product administrative access or anything.

Is there some other permission setting that might override that basic role and allow someone to install from the marketplace by themselves?

OR if it's written down anywhere in the help docs that the permissions should be restricted for the basic role, that would be really helpful to see too!

Jack Brickey
Community Leader
July 15, 2021

Not that I'm aware of. It would be interesting to see if that user with basic access can in fact add another app.

Elizabeth Oxton July 19, 2021

Hey Jack! Hope your weekend was well.

Just wanted to let you know our admin team was able to connect with this user and do a little more investigation. The marketplace restriction works as intended with the Basic role preventing installations. (Thank you!)

The question as phrased is probably a 'solved' so this might be better suited to a new thread (not sure of the forum standard here), but it appears the issue is actually (or at least potentially) related to the OAuth 3LO option: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/

User went to an app that offers an OAuth connection to Jira. App uses their token to access the data. App installs in the Jira instance without an admin's approval but only that user has access. Possible to revoke their token or to uninstall the app completely.

How can these apps be prevented from being installed? Are there any system level settings that can block users from okaying OAuth tokens for the Jira instance, etc.?
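
Added example, not part of any post in this thread: a small audit of OAuth 2.0 (3LO) consent requests, which parses the authorization URL format from the linked Atlassian 3LO documentation and flags grants that request broad scopes. The log format (`<user> <url>`), the sample lines, the client IDs and the `REVIEW_SCOPES` policy are constructed assumptions; it also assumes the full URL is visible to your proxy or secure web gateway.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the form "<user> <url>"; not real traffic.
SAMPLE_LOG = [
    "alice https://auth.atlassian.com/authorize?audience=api.atlassian.com"
    "&client_id=EXAMPLE_CLIENT_A"
    "&scope=read%3Ajira-work%20read%3Ajira-user%20offline_access"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&state=s1"
    "&response_type=code&prompt=consent",
    "bob https://auth.atlassian.com/authorize?audience=api.atlassian.com"
    "&client_id=EXAMPLE_CLIENT_B&scope=read%3Ame"
    "&redirect_uri=https%3A%2F%2Ftool.example%2Fcb&state=s2"
    "&response_type=code&prompt=consent",
    "carol https://example.atlassian.net/browse/PROJ-1",
]

# Assumed local policy: scopes that warrant an admin look at the grant.
REVIEW_SCOPES = {"read:jira-work", "write:jira-work", "manage:jira-project",
                 "manage:jira-configuration", "offline_access"}


def parse_consent(line):
    """Return details of a 3LO consent request, or None for any other line."""
    user, _, url = line.partition(" ")
    parts = urlsplit(url)
    if parts.hostname != "auth.atlassian.com" or parts.path != "/authorize":
        return None
    query = parse_qs(parts.query)  # also percent-decodes the values
    if query.get("response_type") != ["code"]:
        return None
    scopes = set(" ".join(query.get("scope", [])).split())
    redirect = query.get("redirect_uri", [""])[0]
    return {"user": user,
            "client_id": query.get("client_id", ["?"])[0],
            "redirect_host": urlsplit(redirect).hostname,
            "scopes": scopes,
            "flagged": sorted(scopes & REVIEW_SCOPES)}


def audit(lines):
    """Keep only consent requests that ask for at least one review scope."""
    parsed = (parse_consent(line) for line in lines)
    return [p for p in parsed if p and p["flagged"]]


if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit["user"], hit["client_id"], hit["redirect_host"], hit["flagged"])
```

The `offline_access` scope is flagged because it asks for a refresh token, so the app's access outlives the user's session until the grant is revoked.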

Athas Mark October 25, 2021

For my own sense of this: a Team-Managed or Company-Managed Project Administrator cannot install add-ons. Is this correct?

Elizabeth Oxton October 25, 2021

Hey Mark!,

What Jack was referring to is this setting in the user administration. The "basic" role is not tied to the project but rather the users' whole login to the site.


To prevent a user from installing an app from the app marketplace you just need to make sure they have the basic role. So a company-managed project admin may still only be a 'basic' user on your Jira instance, and so they will not be able to install a marketplace app.


Unfortunately there are other ways that apps can get installed through OAuth on user login tokens, and this is seemingly not able to be restricted no matter what permissions are given to the user (in a project or in the user administration settings).

Jack Brickey
Community Leader
October 25, 2021

Correct…

Athas Mark November 1, 2021

Thanks for the clarification Oliver!

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin