Best practice for configurering a JIRA "dumb" user in heavy regulated organisations

Hi. 

We would like to use wallboards around the organization to show relevant sprint data from JIRA 7. 

The industry have high security requirements, so it isn't possible for users to be logged in. Is there any best practice for conguring af dummy/serviceaccount user with restricted access ?

The user needs to be able to browse specific projects and access certain dashboards. It needs to be configured centrally by system administrators, since the local project administrator in theory would be able to assign the user project administrator role by a mistake. 

Kind regards.

1 answer

0 vote
Christoph Thomas Community Champion Jul 13, 2017

Hi Kristian,

if you want to avoid that project admins play around with that user in the described way it would mean that you have to assign the user directly in the permission scheme of each project and make sure that the manage project permission is never given to a role but always to groups that you control - lots of administrative overhead in my opinion. So what do you fear? You could just create a filter to look for updates made by this user and let it send you an email every hour if the user does something.

Another way could be to implement a static html page where you embed the gadgets using iframes and store the login data to access these in some encrypted way. So the user should not really be logged in in a way that you can do bad things with this user. Don't know if this is possible but it might be worth a try?

Cheers

Christoph

Thanks for your reply.

We were asked by the security department to ensure, that the dummy user i tamper-proof. If it is up to the project administrators to assign it the right role, we will according to the security department set up a week link.

The static page would, surprise, hinder the dynamic and iterative approach to dashboard creation, so that is not an option :)

So according to you. Best practice would be to let project administrators assign the dummy user and then monitor the dummy users action by filters ?

Christoph Thomas Community Champion Jul 14, 2017

You're welcome Kristian - yes monitoring the user with a JIRA filter which you subscribe to is the least work and provides some monitoring if the user is used by someone - of course you are not monitoring if versions are created by this user or if he deletes issues but maybe you could name the user something like "don't make me project admin"? ;) 

Cheers 

Christoph 

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,323 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot