Without going into too much detail, we're interested in constructing what is basically a simplified custom front-end for JIRA for clients (I'm aware of JSD, and the use case doesn't fit.) We want to have named user accounts for our clients so that all actions in the portal are executed under their secured credentials, but we would rather they not be able to login to our full-blown JIRA instance (since that undermines us building this custom UI portal).
I'm curious if it is possible to create a setup whereby you have a group of JIRA user accounts that have full access to all JIRA REST API resources (read/write) but cannot actually access the JIRA UI? The goal would be to have the custom portal we are building execute actions via REST under the client's username, but that they wouldn't be able to login and explore the JIRA UI proper. This might be more of a networking/authentication question than something that is JIRA specific, but I was curious about thoughts of where to start.
Not in JIRA itself. Think of REST and the UI as presentation layers that look on to the core functions of JIRA. The core functions don't care what route the data comes in by, just that the person doing it has the right permissions.
So, as you've already suggested, the method is networking based - stick a firewall in front of your JIRA and only allow REST based calls through it from the clients.
Gotcha. I'll talk to our networking and architecture folks to sketch out a solution. Thinking we might make a separate domain for client purposes, and then secure that behind something like OpenAM that allows URL-based authorization rules for REST resources only. Thanks, Nic!
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events