Best practice for configurering a JIRA "dumb" user in heavy regulated organisations


We would like to use wallboards around the organization to show relevant sprint data from JIRA 7. 

The industry have high security requirements, so it isn't possible for users to be logged in. Is there any best practice for conguring af dummy/serviceaccount user with restricted access ?

The user needs to be able to browse specific projects and access certain dashboards. It needs to be configured centrally by system administrators, since the local project administrator in theory would be able to assign the user project administrator role by a mistake. 

Kind regards.

1 answer

Hi Kristian,

if you want to avoid that project admins play around with that user in the described way it would mean that you have to assign the user directly in the permission scheme of each project and make sure that the manage project permission is never given to a role but always to groups that you control - lots of administrative overhead in my opinion. So what do you fear? You could just create a filter to look for updates made by this user and let it send you an email every hour if the user does something.

Another way could be to implement a static html page where you embed the gadgets using iframes and store the login data to access these in some encrypted way. So the user should not really be logged in in a way that you can do bad things with this user. Don't know if this is possible but it might be worth a try?



Thanks for your reply.

We were asked by the security department to ensure, that the dummy user i tamper-proof. If it is up to the project administrators to assign it the right role, we will according to the security department set up a week link.

The static page would, surprise, hinder the dynamic and iterative approach to dashboard creation, so that is not an option :)

So according to you. Best practice would be to let project administrators assign the dummy user and then monitor the dummy users action by filters ?

You're welcome Kristian - yes monitoring the user with a JIRA filter which you subscribe to is the least work and provides some monitoring if the user is used by someone - of course you are not monitoring if versions are created by this user or if he deletes issues but maybe you could name the user something like "don't make me project admin"? ;) 



Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,172 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you