Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

JIRA accounts with REST-only access

Ryan Bober
Ryan Bober May 26, 2017

Without going into too much detail, we're interested in constructing what is basically a simplified custom front-end for JIRA for clients (I'm aware of JSD, and the use case doesn't fit.) We want to have named user accounts for our clients so that all actions in the portal are executed under their secured credentials, but we would rather they not be able to login to our full-blown JIRA instance (since that undermines us building this custom UI portal).

I'm curious if it is possible to create a setup whereby you have a group of JIRA user accounts that have full access to all JIRA REST API resources (read/write) but cannot actually access the JIRA UI? The goal would be to have the custom portal we are building execute actions via REST under the client's username, but that they wouldn't be able to login and explore the JIRA UI proper. This might be more of a networking/authentication question than something that is JIRA specific, but I was curious about thoughts of where to start.

Answer
Watch
Like Be the first to like this

2 answers

0 votes
Jordan Berry
Jordan Berry May 26, 2017

I haven't tested this, so it may not work. But maybe give them the ability to transition/work on issues but not the ability to browse any projects? 

Reply
0 votes
Nic Brough _Adaptavist_
Nic Brough _Adaptavist_ Community Leader May 26, 2017

Not in JIRA itself.  Think of REST and the UI as presentation layers that look on to the core functions of JIRA.  The core functions don't care what route the data comes in by, just that the person doing it has the right permissions.

So, as you've already suggested, the method is networking based - stick a firewall in front of your JIRA and only allow REST based calls through it from the clients.

View More Comments
Ryan Bober
Ryan Bober May 26, 2017

Gotcha. I'll talk to our networking and architecture folks to sketch out a solution. Thinking we might make a separate domain for client purposes, and then secure that behind something like OpenAM that allows URL-based authorization rules for REST resources only. Thanks, Nic!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you