Permission used by webhooks into JIRA

Isaac Mann June 24, 2017

We have a third party application that logs crashes from our software, and when it reaches a specified number it uses a webhook into JIRA to create a bug in the engineering project.

We want to restrict people outside the engineering team from lodging bugs directly (they have another mechanism).

What permissions does a webhook into JIRA require? I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.

The other alternative I tried to find (but couldn't) is to explicitly restrict groups...

1 answer

Answer accepted
Nic Brough -Adaptavist-
Community Leader
June 25, 2017

> I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.

No, it doesn't. You've got a permission scheme that does that, but you don't have to; you can change it to grant whatever access you want.

> What permissions does a webhook into JIRA require?

Imagine the remote process is a user. If you want a user to be able to do something, then you grant them the permission to do it. The webhook follows the same rules.

Isaac Mann June 25, 2017

1. Yes, I know it's in a permission scheme. Yes, of course I can change it to reduce the scope. I didn't ask that question.

2. Yes, I know the concept. I am asking the question of what role do I grant the permission to in the scheme. I don't see something that is identifiably an (incoming) webhook in the options, under Project Role, Application access or Group options when granting that permission, i.e.

[Image: Screen Shot 2017-06-25 at 7.53.19 PM.png]

Nic Brough -Adaptavist-
Community Leader
June 25, 2017

I know you didn't ask, but your question was phrased in a way that suggested that you did not quite understand the permission schemes.

The role you grant to the webhook should be the role that gives it the permissions it needs in the project, which is determined by the permission scheme.  Imagine the webhook is a user.  What do you need to give a user to do what the webhook is doing?

Isaac Mann June 25, 2017

You think it needs a project role? I did look for that - I expected it to show in the Users and Roles screen in Project settings under "ATLASSIAN-ADDONS-PROJECT-ACCESS" with other integrations.

I didn't add the other integrations to this role, and the webhook is not specified there either. I don't see how to add it to a role, either - it's not a user, and doesn't come up in the user search when looking to add a user to a role.

Nic Brough -Adaptavist-
Community Leader
June 25, 2017

Sorry, I'm being spectacularly unclear on this, so I'll try a different explanation.

You have an application that has webhooks which it triggers when certain things happen in it.  One of these webhooks should post something into JIRA.

The webhook needs to log into JIRA in order to do this, and for that it needs an account. 

In order for it to create/update/etc issues, that account needs the rights to do that.

So, you need to read the permission scheme to see what permissions are needed and make sure the account(s) the webhook uses to do the action have the right permissions.  That could be because they are part of a group, or role, or they're the assignee etc.

Isaac Mann June 25, 2017

Thanks for specifying the full flow that you're expecting - the lightning struck my mind on your third paragraph, as I realised of course the account that the webhook uses was specified in the external app.

Thanks for your assistance Nic.
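
Added example (not part of the thread and not Atlassian's code): one way to check that the account the webhook logs in with has the permissions it needs in the project and nothing beyond them. It assumes the JSON shape returned by JIRA's `GET /rest/api/2/mypermissions?projectKey=...` when called as that account; the sample response, the permission keys in it and the `REQUIRED` set are constructed for illustration, so confirm the key names against your own instance.

```python
import json

# Constructed sample of a mypermissions response for the webhook's account
# in the engineering project. All values are made up for this example.
SAMPLE_RESPONSE = json.loads("""
{"permissions": {
  "BROWSE_PROJECTS":     {"key": "BROWSE_PROJECTS",     "havePermission": true},
  "CREATE_ISSUES":       {"key": "CREATE_ISSUES",       "havePermission": true},
  "EDIT_ISSUES":         {"key": "EDIT_ISSUES",         "havePermission": false},
  "DELETE_ISSUES":       {"key": "DELETE_ISSUES",       "havePermission": true},
  "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": false}
}}
""")

# Assumption: what the crash-reporting webhook needs in order to create a bug.
REQUIRED = {"BROWSE_PROJECTS", "CREATE_ISSUES"}


def audit_permissions(response, required, allowed=None):
    """Compare an account's effective permissions with what it should have.

    required: permission keys the account must hold.
    allowed:  extra keys that are acceptable; defaults to none beyond required.
    Returns (missing, excess) as sorted lists of permission keys.
    """
    permitted = set(required) | set(allowed or ())
    granted = {
        key
        for key, entry in response.get("permissions", {}).items()
        if entry.get("havePermission") is True
    }
    missing = sorted(set(required) - granted)  # webhook would fail without these
    excess = sorted(granted - permitted)       # broader than the account needs
    return missing, excess


if __name__ == "__main__":
    missing, excess = audit_permissions(SAMPLE_RESPONSE, REQUIRED)
    print("missing:", missing)
    print("excess:", excess)
```

Running the same check against a response fetched as a user outside the engineering team, with an empty `required` set, shows whether the permission scheme still lets them create issues.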
