How do i restrict JIRA administrators to create, edit or delete issues?

My application is connected with JIRA via Application Link and is using OAuth scheme for user authentication. So far so good. The main idea of app was to continiously provide info in realtime about issue changes to the application user. For this purpose, I was using rest api for creating a webhook during configuration process in app. Using webhook rest api requires JIRA Administrator permissions, and this is constantly frightening some users during the OAuth dance, because they believe that app can "hack" JIRA instance.

One way to solve this is to rid off the automatic webhook creation during configuration flow, and ask user to create it themselfs. 

But, maybe there is a way to create such JIRA Administrators like group, whose users can only have read permissions on jira issues, but can work with webhooks via rest api?

1 answer

This widget could not be displayed.

I don't think that is currently possible. A possible approach is to build a simple add-on for JIRA and move that webhook creation logic into the add-on which internally exposes a single api for your app to consume. You can then have a validation in the api to check for `current logged in user` to belong to a specific group in JIRA to determine if the user has rights. 

https://developer.atlassian.com/display/DOCS/REST+Plugin+Module

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

195 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you