Permissions for editing JMWE configuration

Zoltán Lehóczky September 6, 2022

I'd like certain team members of ours to be able to edit global JMWE configuration (under Jira settings -> Apps), specifically, scheduled and event-based actions. Ideally, they'd be able to edit only those actions that they've created (i.e. an "edit own" permission) but it's also OK if they can edit all.

Can I somehow set up access control like this, without making them global Jira administrators?

Thank you!

1 answer

1 accepted

2 votes
Answer accepted
David Fischer
Community Leader
September 6, 2022

Hi @Zoltán Lehóczky,

Unfortunately, that isn't possible, for security reasons. Once you are able to edit Actions, you are basically able to do anything that the Jira REST API offers, by using the callJira Nunjucks filter. This essentially gives you admin powers, and therefore we need to restrict that power to official Jira admins.

Zoltán Lehóczky September 6, 2022

I see, thank you.

Zoltán Lehóczky September 7, 2022

Actually, isn't a JMWE action only as powerful as the user account executing it? In some cases one can also select whether to run it as the current user, a selected user, or the add-on user. Because it would be possible to restrict non-administrator users to only be able to run these as their own user, thus preventing access elevation?

David Fischer
Community Leader
September 7, 2022

Well, not really. Even when you select "run as" to run a post-function, it only impacts certain calls to Jira. Most of the calls have to be made "as the app user". And in particular, Nunjucks templates and their filters run as the app user. And of course they can be run by clicking on "Test Nunjucks Template"; they don't even need to be part of a workflow post-function.

Zoltán Lehóczky September 8, 2022

I see, thanks.

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin
Tags: AUG Leaders
