Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is there a way to get an alert on admin actions?

Inna S
Inna S August 7, 2022

Hi, 

I had a user created in the subscription allegedly under my account. As I do not recall doing this, I wonder which of the operations I did perform could cause this. 

Unlike with other operations in the audit log, this user addition states the actor location as 'unavailable'.

I also see the Atlassian support engineer has created a user for himself without informing me, the subscription admin.

This all looks very troubling, especially in the cloud service.

So I'm looking for a way to receive real time alerts on any activity related to user creation, role assignment and group allocation.

Please share your experience and solutions to this situation.

Thank you,

Inna 

Answer
Watch
Like Be the first to like this
342 views

1 answer

1 accepted

0 votes
Answer accepted
Bill Sheboy
Bill Sheboy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 7, 2022

Hi @Inna S 

In my opinion, there are definitely gaps in the information and reliability of the built-in admin logging of events with Jira Cloud.  For example some of the site admin actions in the log do not indicate who performed the action; some are not logged at all.

Until these functions are improved by our vendor, some possible options are:

  • Contact Atlassian support to learn about that user which was created
  • Investigate the marketplace to learn if there are better audit reporting addons
  • Use a webhook to push out site changes to another tool.  We experimented with that second option to review the logs in SumoLogic; it helped but there were still gaps.
  • Disciplined change management:
    • Limit the number of site admins,
    • Use a change-control project or Confluence page to log all planned site-admin-level changes, and
    • Have admins pair-program on all such changes.

Kind regards,
Bill

View More Comments
Inna S
Inna S August 28, 2022

Thank you, @Bill Sheboy .

I've contact the support and the response was not helpful as they were unable to provide any additional information.

Discipline is all good till you get an overworked and inexperienced team members.

As far as the change control is not enforced, it can't be relied upon.

I've set up the webhook to fire on all the admin events available, but somehow my system of choice (MS Power Automate) did not get the events. On the Jira side, there is no record on the webhook health and fires, so it is unclear if it wasn't fired or did not reach the destination or was rejected. 

So as far as I can see, the only protection would be a decent backup and restore capability, that is also missing from the current offering. Looks like we are off to additional spending on the yet another 3rd-party service here.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events