We have a third party application that logs crashes from our software, and when it reaches a specified number it uses a webhook into JIRA to create a bug in the engineering project.
We want to restrict people outside the engineering team from lodging bugs directly (they have another mechanism).
What permissions does a webhook into JIRA require? I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.
The other alternative I tried to find (but couldn't) is to explicitly restrict groups...
> I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.
No, it doesn't. You've got a permission scheme that does that, but you don't have to, you can change it to grant whatever access you want
>What permissions does a webhook into JIRA require?
Imagine the remote process is a user. If you want a user to be able to do something, then you grant them the permission to do it. The webhook follows the same rules.
1. Yes, I know it's in a permission scheme. Yes, of course I can change it to reduce the scope. I didn't ask that question.
2. Yes, I know the concept. I am asking the question of what role do I grant the the permission to in the scheme. I don't see something that is identifiably an (incoming) webhook in the options, under Project Role, Application access or Group options when granting that permission, i.e.
I know you didn't ask, but your question was phrased in a way that suggested that you did not quite understand the permission schemes.
The role you grant to the webhook should be the role that gives it the permissions it needs in the project, which is determined by the permission scheme. Imagine the webhook is a user. What do you need to give a user to do what the webhook is doing?
You think it needs a project role? I did look for it that - I expected it to show in the Users and Roles screen in Project settings under "ATLASSIAN-ADDONS-PROJECT-ACCESS" with other integrations.
I didn't add the other integrations to this role, and the webhook is not specified there either. I don't see how to add it to a role, either - it's not a user, and doesn't come up in the user search when looking to add a user to a role.
Sorry, I'm being spectacularly unclear on this, so I'll try a different explanation
You have an application that has webhooks which it triggers when certain things happen in it. One of these webhooks should post something into JIRA.
The webhook needs to log into JIRA in order to do this, and for that it needs an account.
In order for it to create/update/etc issues, that account needs the rights to do that.
So, you need to read the permission scheme to see what permissions are needed and make sure the account(s) the webhook uses to do the action have the right permissions. That could be because they are part of a group, or role, or they're the assignee etc.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG