Hi,
Is there any way to restrict access to the groovy script runner console to jira-system-administrators, rather than jira-administrators? We have a lot of jira-administrators, because they need to do Project specific work, or look at user and group information, and we wouldn't necessarily want them to be able to access the scripting panel.
Yeah. Nic is correct in that I looked at it. My justification for not doing it was broadly that, if you have an admin who wants to intentionally abuse that functionality, and you disable it from them, they could also equally abuse that privilege by using the workflow functions, eg the "scripted condition". I could prevent any non-system admin executing any code, but that would pretty much make the whole thing useless. So I don't want to hide the console and give people the false impression that non system admins can't run code.
I'm sure you will find a larger discussion on my issue tracker.
If you want to implement it you could just write some javascript that blocks it for non system admins.
Maybe I will add some form of auditing, perhaps that would suffice.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Not really, no. I think Jamie looked at this a while ago, but there wasn't a lot of demand.
I have to say that even though I would like to see a lot more delegation of some admin rights down to lesser users, you really really really should not have "a lot of Jira administrators" - it's a recipe for disaster. Most installations should have 2 or 3. Maximum sane number is around 10...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.