It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Notification on change of issue security schemes

One project in our Jira database contains issues that should not be accessible by all administrators. I have put an issue security level on them but administrators can change the Project permissions and the Issue security scheme. So they can add themselves to a certain security level.I tried to find a way through the project permissions to restrict this but seen that administrators can change the project permissions, this does not work. 

An alternative could be that I receive a notification when a security level was changed but I don't find how to do this. Does anybody have an idea? Of course, then the person with administrators rights could remove the notification before changing the security level... 

It's really not possible?

Thank you for reading my problem,
Colinda

2 answers

From the absence of any reaction, I guess it is not possible with a listener or notification. Then I am looking at the audit log. I am just wondering whether someone with administration rights could change the audit log somehow by modifying a file somewhere on the system?

How is this audit log information stored?

The concern here is to make sure that all who have administration rights can not change project permission scheme or issue security level without this being visible to other administrators. We have several and they do need to be Jira administrator but ideally some of them should not have access to all issue content as it may contain sensitive information. Hence my question how secure is the audit log?

Once someone has jira admin, especially system admin, access, cannot completely secure against them, if they are determined to do so.

One solution is making sure you can trust your admins with information that does not relate to their role, and that they are able to respect their sensitive nature if they come across it. With myself, I have to get clearances and security checks to be admin just because I can come across sensitive info on a Jira instance I am responsible for. 

The other solution is have a dedicated Jira instance on a different server that is limited to the people cleared to access, including admin. It is a hassle, but there are companies who create instances for new projects, and then archive it once said project is completed. All the while compartmentalized from other teams and employees on their network.  

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

334 views 1 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you