Just curious if anyone might be able to confirm: is it currently not possible to prevent team members from connecting to apps in the marketplace? We recently had a team member connect to a free app (largely harmless) but doing so authenticated for that app to have a lot of read-scope over a lot of data. This was able to be connected and installed through the marketplace without an admins approval. Can this be prevented?
This happened in our Jira (cloud) instance.
It looks like this confluence article (https://confluence.atlassian.com/upm/configuring-marketplace-connectivity-306350947.html) hints that maybe by disabling the UPM (turning the UPM to offline mode) would disable the marketplace.
Can this also be done for Jira or only Confluence?
Does disabling the UPM disable already installed apps or only updates and new installations?
Any insight would be appreciated! Thankfully we can just disable this app and alls likely fine. But we'd like to control who has the ability to install apps going forward...
Thanks so much for responding.
This user is in the basic role. :(
I reviewed our audit log as well and there's been no updates to their permissions since the license activated -- like they were never put in a group that had product administrative access or anything.
Is there some other permission setting that might override that basic role and allow someone to install from the marketplace by themselves?
OR if its written down anywhere in the help docs that the permissions should be restricted for the basic role, that would be really helpful to see too!
Hey Jack! Hope your weekend was well.
Just wanted to let you know our admin team was able to connect with this user and do a little more investigation. The marketplace restriction works as intended with the Basic role preventing installations. (Thank you!)
The question as phrased is probably a 'solved' so this might be better suited to a new thread (not sure of the forum standard here), but it appears the issue is actually (or at least potentially) related to the OAuth 3LO option: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
User went to app that offers an oauth connection to Jira. App uses their token to access the data. App installs in the jira instance without an admins approval but only that user has access. Possible to revoke their token or to uninstall the app completely.
How can these apps be prevented from being installed? Are there any system level settings that can block users from okaying oauth tokens for the jira instance, etc.?
Hello Community! We thoroughly enjoyed this just-for-fun conversation in the Jira Admin Group about what it's like to be a Jira Admin. For #JiraJuly, our talented designers created these graphics t...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events