Managing highly sensitive data in a project, so not even JIRA admins can see it once it's set up?

We have a requirement to use JIRA to store and manage requests for a confidential system.

how can we set up a project and then secure it from all but nominated people to access and maintain?

the overall JIRA admin would not be one of these people.

2 answers

1 accepted

Agree w/ Nic .. need to trust .. Or spin up a new instance all together and YOU are the admin. If hosted, then you can have an outside party as the net ops sys admin..

No - if you have two Jira instances (sounds like you do, if you need to protect HR stuff from your main Jira admins), then you need two licences. Of course, if your HR department is small, a $10 license for a handful of users is not a huge expense...

Atlassian are looking at bulk/site licenses as well, so in the future, that problem might go away.

Thanks Ellen

By 'Spin up a new instance' do you mean use the same licence? If we could restrict use of this to a named individual (as in I don't want to have access any longer as admin for our 'main' JIRA instance) then this could work. How do I find out how to do this?

Yes, Nic is right - you would need an additional license (for the number of users using it - so in your scenario, likely under 10).

If HR, and don't have the IT ops admin skills to do this easy (and ongoing support), can offer you a direct managed hosted option that is turnkey - up and running fast, backed up, upgrades included - and all secure for you.

ellen at appfusions dot com if want quote or to discuss more.

Thanks Nic & Ellen

The HR dept that would be using this is small in itself (5-10 users) but they potentially deal with the whole UK organisation, to whom they would be wanting to assign issues. so anywhere upwards of 500-600 users!

I think we'll try and get them their own instance and then I can hand over the reins to their IT guy.

If they are not keen on this solution, then the hosted option could be a runner.

Cheers for the prompt and informative replies..

0 votes

Simple at first - create a permission scheme that only allow people in a certain group or role to browse the project.

However, your comment about the Jira admin won't work. You can exclude the Jira admin, but they will ALWAYS have the ability to put themselves into a role or group that allows them access.

There is no getting around the fact that you have to trust the administrators of any system you run.

Hi Nic. Thanks for that.

It's not a trust thing really. This is confidential HR related data that we don't want anyone except the users(and their HR IT person) seeing.

The new instance suggestion from Ellen may be a runner i think.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,154 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you