Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA accounts with REST-only access

Ryan Bober
Ryan Bober May 26, 2017

Without going into too much detail, we're interested in constructing what is basically a simplified custom front-end for JIRA for clients (I'm aware of JSD, and the use case doesn't fit.) We want to have named user accounts for our clients so that all actions in the portal are executed under their secured credentials, but we would rather they not be able to login to our full-blown JIRA instance (since that undermines us building this custom UI portal).

I'm curious if it is possible to create a setup whereby you have a group of JIRA user accounts that have full access to all JIRA REST API resources (read/write) but cannot actually access the JIRA UI? The goal would be to have the custom portal we are building execute actions via REST under the client's username, but that they wouldn't be able to login and explore the JIRA UI proper. This might be more of a networking/authentication question than something that is JIRA specific, but I was curious about thoughts of where to start.

Answer
Watch
Like Be the first to like this
248 views

2 answers

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 26, 2017

Not in JIRA itself.  Think of REST and the UI as presentation layers that look on to the core functions of JIRA.  The core functions don't care what route the data comes in by, just that the person doing it has the right permissions.

So, as you've already suggested, the method is networking based - stick a firewall in front of your JIRA and only allow REST based calls through it from the clients.

View More Comments
Ryan Bober
Ryan Bober May 26, 2017

Gotcha. I'll talk to our networking and architecture folks to sketch out a solution. Thinking we might make a separate domain for client purposes, and then secure that behind something like OpenAM that allows URL-based authorization rules for REST resources only. Thanks, Nic!

Like
Reply
0 votes
Jordan Berry
Jordan Berry May 26, 2017

I haven't tested this, so it may not work. But maybe give them the ability to transition/work on issues but not the ability to browse any projects? 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events