Best way to lock down Jira for maintenance

I need to do some some maintenance on our Jira instance and don't want folks using it while I'm doing this. The main reason is that I'm going to be mucking with a bunch of persmissions and if all hell breaks loose, I'd like to revert the VM instance like nothing every happend. What's the best way to lock users out while I'm doing this? Thanks!

4 answers

1 vote

Shut everyone off by changing the url ;) If you use Apache or IIS, turn it off. If you connect to direct url, change the port! Then you only knows the correct url and will be able to access it.

Boa!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I use a much less heavy handed approach, and requires no back end magic. Keep in mind I'm on 3.13 so I am not sure this still works.

In Global Settings, find Global Permissions.

You will see permissions such as this:

  1. JIRA System Administrators
    Ability to perform all administration functions. There must be at least one group with this permission.
    Note: People with this permission can always log in to JIRA.
  2. JIRA Administrators
    Ability to perform most administration functions (excluding Import & Export, SMTP Configuration, etc.).
    Note: People with this permission can always log in to JIRA.
  3. JIRA Users
    Ability to login to JIRA. They are a 'user'. Any new users created will automatically join these groups.
    Note: All users need this permission to login to JIRA, even if they have other permissions.

Simply make sure (as a failsafe) that in addition to the "jira-users" group that is likely already there, that an admin group that only you belong to is also there. Then, just remove the "jira-users" group from the JIRA Users permission. Voila, no-one will be able to log in unless they also are a member of an admin group only you belong to. When you're done, add the "jira-users" group back in.

What's really nice about this approach is (as I recall), the banner indicating the system is down can be displayed so when they fail to log in they know why.

Of course, I don't know how this works with LDAP.

I will have to try this out on my test system in the near future.

Users that are already logged in will remain logged in with this approach. We have to physically restart the instance after deleting the jira-users group from the permissions settings screen to guarantee all users are kicked out. Once the changes have been completed, add the jira-users group back and you're good to go, no restart required.

To backup Jobin's answer, I would follow one of the directions which meets your needs under how to do a consistent full backup.

https://confluence.atlassian.com/display/JIRA/Preventing+users+from+accessing+JIRA+during+backups

Ha! Didn't even think of that -- changing the port number. Good call guys, thanks!

Ha! Didn't even think of that -- changing the port number. Good call guys, thanks!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,304 views 12 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you