Best practice for configuring a JIRA "dumb" user in heavily regulated organisations

Hi. 

We would like to use wallboards around the organization to show relevant sprint data from JIRA 7. 

The industry has high security requirements, so it isn't possible for users to be logged in. Is there any best practice for configuring a dummy/service account user with restricted access?

The user needs to be able to browse specific projects and access certain dashboards. It needs to be configured centrally by system administrators, since the local project administrator in theory would be able to assign the user the project administrator role by mistake.

Kind regards.

1 answer

Hi Kristian,

If you want to avoid that project admins play around with that user in the described way, it would mean that you have to assign the user directly in the permission scheme of each project and make sure that the manage project permission is never given to a role but always to groups that you control - lots of administrative overhead in my opinion. So what do you fear? You could just create a filter to look for updates made by this user and let it send you an email every hour if the user does something.

Another way could be to implement a static HTML page where you embed the gadgets using iframes and store the login data to access these in some encrypted way. So the user should not really be logged in in a way that you can do bad things with this user. Don't know if this is possible but it might be worth a try?

Cheers

Christoph

Thanks for your reply.

We were asked by the security department to ensure that the dummy user is tamper-proof. If it is up to the project administrators to assign it the right role, we will, according to the security department, set up a weak link.

The static page would, surprise, hinder the dynamic and iterative approach to dashboard creation, so that is not an option :)

So, according to you, best practice would be to let project administrators assign the dummy user and then monitor the dummy user's actions by filters?

You're welcome, Kristian - yes, monitoring the user with a JIRA filter which you subscribe to is the least work and provides some monitoring if the user is used by someone - of course you are not monitoring if versions are created by this user or if he deletes issues, but maybe you could name the user something like "don't make me project admin"? ;)

Cheers 

Christoph 
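
Alongside the filter subscription discussed in this thread, a scheduled check can ask Jira what the wallboard account is actually allowed to do in each project and report anything beyond browsing. This is an added example, not code from the thread's participants; the allow-list, project keys and sample responses are constructed assumptions, and `fetch_permissions` is meant to be called with the wallboard account's own credentials against Jira's `mypermissions` REST resource.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

# Assumption: the wallboard account should hold only this permission per project.
ALLOWED = {"BROWSE_PROJECTS"}

def fetch_permissions(base_url, project_key, user, password):
    """Ask Jira which permissions the calling account has in one project."""
    url = f"{base_url}/rest/api/2/mypermissions?projectKey={quote(project_key)}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def excess_permissions(response, allowed=ALLOWED):
    """Return permission keys the account holds that are not on the allow-list."""
    perms = response.get("permissions", {})
    return sorted(
        key for key, entry in perms.items()
        if entry.get("havePermission") and key not in allowed
    )

def audit(responses_by_project, allowed=ALLOWED):
    """Map each project key to its excess permissions; clean projects are omitted."""
    findings = {}
    for project, response in responses_by_project.items():
        extra = excess_permissions(response, allowed)
        if extra:
            findings[project] = extra
    return findings

# Constructed sample responses (not from a real instance): in "OPS" the
# account has been given project administration by mistake.
SAMPLE = {
    "WALL": {"permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
        "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": False},
    }},
    "OPS": {"permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
        "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": True},
        "EDIT_ISSUES": {"key": "EDIT_ISSUES", "havePermission": True},
    }},
}

if __name__ == "__main__":
    for project, extra in audit(SAMPLE).items():
        print(f"{project}: unexpected permissions {', '.join(extra)}")
```

Adjust `ALLOWED` to the permission keys your own instance returns before relying on the result.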
