I discovered that all users have access to the REST API. I administer JIRA and I want to know how to restrict access to the REST API to a group of users only, or to forbid access for certain users. The reason is that I have users developing and using scripts based on the REST API (Python). I can't monitor what they do and what they execute. I think it's not safe to allow everybody to use the REST API interface as they want. The simplest solution would be to disable <API call> under <General Configuration>, but I have integrated JIRA with Crucible and Fisheye and I suppose that it may have an impact. Is somebody facing the same problem? Does anyone have suggestions or solutions?
Thanks in advance.
Thank you for your quick answer. Nevertheless, the question is how to prevent users from having access to information via the REST API. Even if there is no harm, is there any solution? Moreover, I'm not the only one with this kind of question. Via the REST API every user has access to a lot of information that is not visible from the browser.
I think it's a problem and I think that something should be done to separate information accessibility between the browser and the REST API, or to restrict it to administrators only. Some people propose filtering users' IPs as a solution, but it's not explained how. Maybe you have a workaround?
Actually, even though all users can use the REST interface, the permission and security schemes of JIRA are still in place. If a user can't do an action through the web interface, then they won't be able to do such a task through REST. So I don't think you need to worry too much about users writing their own scripts. If they have the proper permissions set, they won't be able to do any harm.
Furthermore, disabling REST would cause major issues in JIRA, as many of the operations done by plugins are using it nowadays.
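An added example, not part of the thread or of any Atlassian code: one way to get visibility into scripted REST use is to summarise `/rest/` calls per user from the HTTP access log, counting write requests and requests the permission scheme rejected. The log layout, user names and sample lines below are constructed for illustration; adapt the regular expression to your instance's actual access log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED layout (not Jira's documented format):
# client_ip user [timestamp] "METHOD path PROTO" status bytes "user-agent"
SAMPLE_LOG = """\
10.0.0.5 alice [12/Mar/2018:09:01:02 +0000] "GET /rest/api/2/search?jql=project=ABC HTTP/1.1" 200 5120 "python-requests/2.18.4"
10.0.0.5 alice [12/Mar/2018:09:01:03 +0000] "GET /rest/api/2/issue/ABC-1 HTTP/1.1" 200 2048 "python-requests/2.18.4"
10.0.0.7 bob [12/Mar/2018:09:02:10 +0000] "GET /rest/api/2/issue/SEC-9 HTTP/1.1" 403 120 "python-requests/2.18.4"
10.0.0.8 carol [12/Mar/2018:09:03:00 +0000] "GET /rest/api/2/mypermissions HTTP/1.1" 200 900 "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.8 carol [12/Mar/2018:09:03:05 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 30000 "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.7 bob [12/Mar/2018:09:04:10 +0000] "POST /rest/api/2/issue HTTP/1.1" 201 300 "curl/7.58.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<agent>[^"]*)"$'
)
BROWSER_HINT = re.compile(r"Mozilla/", re.I)


def summarize_rest_usage(log_text):
    """Return per-user counts of REST calls made by non-browser clients."""
    report = defaultdict(lambda: {"calls": 0, "writes": 0, "denied": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith("/rest/"):
            continue
        if BROWSER_HINT.search(m["agent"]):
            continue  # the web UI itself calls /rest/, so skip browser traffic
        entry = report[m["user"]]
        entry["calls"] += 1
        entry["agents"].add(m["agent"])
        if m["method"] in ("POST", "PUT", "DELETE"):
            entry["writes"] += 1
        if m["status"] in ("401", "403"):
            entry["denied"] += 1  # request rejected by authentication or permissions
    return dict(report)


if __name__ == "__main__":
    for user, e in sorted(summarize_rest_usage(SAMPLE_LOG).items()):
        print(user, e["calls"], e["writes"], e["denied"], sorted(e["agents"]))
```

The User-Agent header is supplied by the client, so treat the browser filter as a hint rather than proof; the per-user denied count is the more reliable signal of a script probing beyond its permissions.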