How do i restrict JIRA administrators to create, edit or delete issues?

My application is connected with JIRA via Application Link and is using OAuth scheme for user authentication. So far so good. The main idea of app was to continiously provide info in realtime about issue changes to the application user. For this purpose, I was using rest api for creating a webhook during configuration process in app. Using webhook rest api requires JIRA Administrator permissions, and this is constantly frightening some users during the OAuth dance, because they believe that app can "hack" JIRA instance.

One way to solve this is to rid off the automatic webhook creation during configuration flow, and ask user to create it themselfs. 

But, maybe there is a way to create such JIRA Administrators like group, whose users can only have read permissions on jira issues, but can work with webhooks via rest api?

1 answer

I don't think that is currently possible. A possible approach is to build a simple add-on for JIRA and move that webhook creation logic into the add-on which internally exposes a single api for your app to consume. You can then have a validation in the api to check for `current logged in user` to belong to a specific group in JIRA to determine if the user has rights. 

https://developer.atlassian.com/display/DOCS/REST+Plugin+Module

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,953 views 19 22
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you