Permission used by webhooks into JIRA

We have a third party application that logs crashes from our software, and when it reaches a specified number it uses a webhook into JIRA to create a bug in the engineering project.

We want to restrict people outside the engineering team from lodging bugs directly (they have another mechanism).

What permissions does a webhook into JIRA require? I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.

The other alternative I tried to find (but couldn't) is to explicitly restrict groups...

1 answer

1 accepted

1 vote
Accepted answer

> I've currently got the Create Issues action as having JIRA Software application access, but this obviously also gives everyone permission to create issues.

No, it doesn't.  You've got a permission scheme that does that, but you don't have to, you can change it to grant whatever access you want

>What permissions does a webhook into JIRA require?

Imagine the remote process is a user.  If you want a user to be able to do something, then you grant them the permission to do it.  The webhook follows the same rules.

 

1. Yes, I know it's in a permission scheme. Yes, of course I can change it to reduce the scope. I didn't ask that question.

2. Yes, I know the concept. I am asking the question of what role do I grant the the permission to in the scheme. I don't see something that is identifiably an (incoming) webhook in the options, under Project Role, Application access or Group options when granting that permission, i.e.

Screen Shot 2017-06-25 at 7.53.19 PM.png

I know you didn't ask, but your question was phrased in a way that suggested that you did not quite understand the permission schemes.

The role you grant to the webhook should be the role that gives it the permissions it needs in the project, which is determined by the permission scheme.  Imagine the webhook is a user.  What do you need to give a user to do what the webhook is doing?

You think it needs a project role? I did look for it that - I expected it to show in the Users and Roles screen in Project settings under "ATLASSIAN-ADDONS-PROJECT-ACCESS" with other integrations.

I didn't add the other integrations to this role, and the webhook is not specified there either. I don't see how to add it to a role, either - it's not a user, and doesn't come up in the user search when looking to add a user to a role.

Sorry, I'm being spectacularly unclear on this, so I'll try a different explanation

You have an application that has webhooks which it triggers when certain things happen in it.  One of these webhooks should post something into JIRA.

The webhook needs to log into JIRA in order to do this, and for that it needs an account. 

In order for it to create/update/etc issues, that account needs the rights to do that.

So, you need to read the permission scheme to see what permissions are needed and make sure the account(s) the webhook uses to do the action have the right permissions.  That could be because they are part of a group, or role, or they're the assignee etc.

Thanks for specifying the full flow that you're expecting - the lightening struck my mind on your third paragraph, as I realised of course the account that the webhook uses was specified in the external app.

Thanks for your assistance Nic.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in Jira

How to set up an incident workflow from the VP of Engineering at Sentry

Hey Atlassian community, I help lead engineering at Sentry, an open-source error-tracking and monitoring tool that integrates with Jira. We started using Jira Software Cloud internally last year, a...

1,096 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you