Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Notification on change of issue security schemes

Colinda Goormans-Francke
Colinda Goormans-Francke March 28, 2019

One project in our Jira database contains issues that should not be accessible by all administrators. I have put an issue security level on them but administrators can change the Project permissions and the Issue security scheme. So they can add themselves to a certain security level.I tried to find a way through the project permissions to restrict this but seen that administrators can change the project permissions, this does not work. 

An alternative could be that I receive a notification when a security level was changed but I don't find how to do this. Does anybody have an idea? Of course, then the person with administrators rights could remove the notification before changing the security level... 

It's really not possible?

Thank you for reading my problem,
Colinda

Answer
Watch
Like Be the first to like this
415 views

2 answers

0 votes
Melanie Pasztor
Melanie Pasztor October 9, 2019

Once someone has jira admin, especially system admin, access, cannot completely secure against them, if they are determined to do so.

One solution is making sure you can trust your admins with information that does not relate to their role, and that they are able to respect their sensitive nature if they come across it. With myself, I have to get clearances and security checks to be admin just because I can come across sensitive info on a Jira instance I am responsible for. 

The other solution is have a dedicated Jira instance on a different server that is limited to the people cleared to access, including admin. It is a hassle, but there are companies who create instances for new projects, and then archive it once said project is completed. All the while compartmentalized from other teams and employees on their network.  

Reply
0 votes
Colinda Goormans-Francke
Colinda Goormans-Francke April 2, 2019

From the absence of any reaction, I guess it is not possible with a listener or notification. Then I am looking at the audit log. I am just wondering whether someone with administration rights could change the audit log somehow by modifying a file somewhere on the system?

How is this audit log information stored?

The concern here is to make sure that all who have administration rights can not change project permission scheme or issue security level without this being visible to other administrators. We have several and they do need to be Jira administrator but ideally some of them should not have access to all issue content as it may contain sensitive information. Hence my question how secure is the audit log?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events