Configure JEMH Comment Creation to disregard security

Hi

I've had a rather strange request for one of our Queues today, and am not sure whether it is doable in JIRA.

I was wondering whether a User could add a comment to an issue (via email) if they don't have the security to see the ticket? Currently when users raise a ticket via email, they often CC other users in, and these users don't get view permissions, but sometimes they respond and their response should be logged as a comment. Even if the Comment is logged under some Anonymous user account, as long as the comment is actually logged correctly.

Sorry if that didn't make sense.

Thanks

1 answer

1 accepted

0 votes
Renjith Pillai Community Champion May 09, 2012

AFAIK the security permissions are respected while comments are added via emails. So with the default mail handler this may not be possible.

But if these people in Cc are not Jira users, then if defaultReporter is specified in email configuration, Jira actually adds their comments under the name of defaultReporter. A little strange though :)

JEMH seems to have this functionality https://plugins.atlassian.com/plugins/com.javahollic.jira.jemh-ui

I leave it to Andy to comment more.

Hi Renjith

Thanks for the response. I have tried using the defaultReporterUsername option, but it seems to reject the email still if the User is an actual JIRA user who doesn't have permission to comment on the issue - unless I'm using the wrong JEMH property?

Renjith Pillai Community Champion May 10, 2012

Maybe that is what I wrote in the above comment. If defaultReporter is specified and mail comes from NON-Jira users, it gets added, while if it comes from known Jira users without permissions, it is rejected.

Btw, there seems to be another parameter 'defaultReporterOverridesDerivedReporter' which you can use, but the bad part is that all comments may look like they have come from the same originator.

Yeah, it's just not quite what I am after, Renjith.

Is it possibly something that could be solved with better security settings? Through the JIRA interface, only specified groups can access the tickets (which I currently have working), but via email, anyone can comment on a ticket (as to comment, they must know about the ticket).

Renjith Pillai Community Champion May 14, 2012

I doubt it.

Maybe a custom handler is needed for this.

JIRA has a security model that JEMH can respect fully, or bend a little if you configure it so. There is a configuration option that enforces strict JIRA security, relaxing that will mean a user, by email, may be able to do things that would not otherwise be possible (e.g. add a watcher). If you have users commenting on issues that they should not be able to, that's a bug or a configuration issue.

Not having a defaultReporter set will ensure issues cannot be created in projects that are not appropriate, as the 'reporter' must be derived from the incoming email address, associated with a JIRA user having the correct privileges.

If you're using JEMH 1.x I'd be more than happy to dig into the cause.

In passing, when non-jira user support is needed (and is specifically enabled) in addition to the above 'correct' behaviour, it is possible that new users could email with an issue key in the subject.

Happy to dig into this in more detail in JIRA, if there is a use case not being addressed, just create an issue on the project issue tracker.

Thanks for the help guys - actually got close to what the guys wanted using JEMH's ccHandling, but I think to fully implement it would require a Custom Email Handler since it is a very specific case. I'm using JIRA 4.4.4 so not using JEMH 1.X yet Andy - thanks for the option though.
