GSA Connector and Jira superuser account

Hi,

We're in the process of setting up a Google Search Appliance connector that will crawl Jira to index related documents and pages for searching. We've been informed by the third party, that a service account with super-user access is needed in order to effectively restrict results based on security.

We'd like to know if there is a better solution other than providing a superuser account to the third party for the GSA connector to properly display all available documents and pages, including those that have specific restrictions?

 

Thanks in advance.

2 answers

0 votes

It needs to be a JIRA admin, not a System admin account, because it needs to be able to read the restrictions set up inside JIRA to be able to work out external visibility.

If for example, issue ABC-123 is restricted to the group "penguins", then you need a JIRA admin account to look at the issue security scheme to extract that information and replicate it in the crawler index.  A non-admin user will not be able to see the issue at all, or look at the scheme that says "only penguins"

Thanks for your input. Also, is there a mechanism to effectively block restricted pages/documents from being rendered?

Thanks

JIRA does that automatically.

That's why the GSA needs a privileged account - so it can read and duplicate the JIRA restrictions.  (I don't know how GSA might "effectively block restricted pages").

The people I've worked with who have implemented crawlers to index their JIRA installations have kept it simple though, in order to avoid the risks of leaking data via the crawler.  Given the scenario:

  • Alice uses JIRA and has restricted an issue to just her team.
  • Bob uses JIRA, but is not in Alice's team, so he can't see the issue in JIRA.
  • Bob uses the GSA, but he's in a group that has full access to everything in GSA.  So he can read the data the GSA has pulled from Alice's restricted issue.


In other words, if you need any level of security, your GSA access has to match your JIRA access rules exactly.  My clients kept it simple by saying "we are only going to index things a normal, or anonymous, user can see".

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,969 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot