Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is it possible to restrict non-admin users from connecting marketplace apps?

Hey Everyone!,

Just curious if anyone might be able to confirm: is it currently not possible to prevent team members from connecting to apps in the marketplace? We recently had a team member connect to a free app (largely harmless) but doing so authenticated for that app to have a lot of read-scope over a lot of data. This was able to be connected and installed through the marketplace without an admins approval. Can this be prevented?

This happened in our Jira (cloud) instance.

It looks like this confluence article (https://confluence.atlassian.com/upm/configuring-marketplace-connectivity-306350947.html) hints that maybe by disabling the UPM (turning the UPM to offline mode) would disable the marketplace.

Can this also be done for Jira or only Confluence?
Does disabling the UPM disable already installed apps or only updates and new installations?

Any insight would be appreciated! Thankfully we can just disable this app and alls likely fine. But we'd like to control who has the ability to install apps going forward...

1 answer

0 votes
Jack Community Leader Jul 14, 2021

Users in the Basic role cannot add apps. Users with Trusted or Administration roles can. This is managed under User Management admin.

Hey Jack!,
Thanks so much for responding.

This user is in the basic role. :(

I reviewed our audit log as well and there's been no updates to their permissions since the license activated -- like they were never put in a group that had product administrative access or anything.

Is there some other permission setting that might override that basic role and allow someone to install from the marketplace by themselves?

OR if its written down anywhere in the help docs that the permissions should be restricted for the basic role, that would be really helpful to see too!

Jack Community Leader Jul 15, 2021

Not that I'm aware of. It would be interesting to see if that user with basic access can in fact add another app.

Hey Jack! Hope your weekend was well.

Just wanted to let you know our admin team was able to connect with this user and do a little more investigation. The marketplace restriction works as intended with the Basic role preventing installations. (Thank you!)

The question as phrased is probably a 'solved' so this might be better suited to a new thread (not sure of the forum standard here), but it appears the issue is actually (or at least potentially) related to the OAuth 3LO option: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/

User went to app that offers an oauth connection to Jira. App uses their token to access the data. App installs in the jira instance without an admins approval but only that user has access. Possible to revoke their token or to uninstall the app completely.

How can these apps be prevented from being installed? Are there any system level settings that can block users from okaying oauth tokens for the jira instance, etc.?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira

⏰ Day in the life of a Jira Admin!

Hello Community! We thoroughly enjoyed this just-for-fun conversation in the Jira Admin Group about what it's like to be a Jira Admin. For #JiraJuly, our talented designers created these graphics t...

443 views 2 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you