Upper Level Management Access

Roy Keyes April 26, 2023

Out there in the world of Atlassian tools, we are wondering about something about how others approach an issue we are having .....

What users in upper level management (non-IT) do y'all allow into Jira software with agent access?

Is it normal for say, the CEO or other c-type people in the company (who are NOT IT types at all) to have access to Jira Software?

What are the use-cases and what are the solutions for either direction, access or just viewer access or what?

Trying to come up with solutions not just block people here, but where is the line where it decreases productivity and causes the less than extroverted developer type to limit their communications, and other such side effects.

5 answers

1 accepted

2 votes
Answer accepted
Aaron Pavez April 26, 2023

Don't give access to people that don't need access. They don't need to look at each Jira issue. A dashboard is enough.

You can create a project for them and show a JQL with the relevant information they are looking for.

If they need more, there is Jira Insight that can take that info from those projects (and several instances too).

There are also several plugins that can extract data (a PDF or csv file) and that can be sent to upper management.

Cheers!

Roy Keyes April 26, 2023

This is basically what I am looking for. Others in the community to reinforce the ideas and setup possibilities that I envision. I am not being listened to on my own, so I am looking for help, lol!

I appreciate all of your points @Mia Paulin and I definitely have looked into and tested the routes you suggested @Aaron Pavez and I thank you both for sharing them here!

Welcome the conversation! The slogan from Team 23 this year, together better than alone, right!

1 vote
Mia Paulin
Contributor
April 26, 2023

@Roy Keyes You’re right. The best people I think could help with that are the ones implementing the products and portals. They have been teaching me the ropes and helping me with the implementation. I see them as mentors (even the introverted ones) but they are good at what they do and can show the functionalities of Jira from the inside out. There are a lot of innovators in this company. I just don’t think they know how to express themselves (their opinions and ideas) when it matters most. Like, this is one of those times. What people in upper level management don’t understand is that to those in positions like that- to everyone else, we feel like if we do good, we do really good. If we do bad, we do really bad. So, even though that’s in our heads, it’s like we feel lowly. But, the reality of it all is you guys are human with feelings, compassion and deal with the same struggles we do, just on a different level and understand us more than we think. It’s a little intimidating, but I think communication is important. I’m still learning it myself. My best advice would be what I saw someone else do recently- extend that olive branch.

1 vote
Mia Paulin
Contributor
April 26, 2023

@Roy Keyes There are many solutions to this. The first is to get with someone who has governance over the platform that you want to know about and a member of the IT security department and give them the specifications of what you want to accomplish - the way a client would - and have them tailor a solution that allows for this. Or, you can have someone from the team who implemented the solution you are interested in show you an instance of the platform - like a presentation to show its functionalities. Since we are in an agile environment, the developers and engineers and everyone who contributes to the solutions do this anyway; this is something they all know how to do, step by step. There can even be like a training session held by the creators. That way there is no security issue and people can learn about the products. These are just some ideas.

1 vote
Mia Paulin
Contributor
April 26, 2023

@Roy Keyes That's a good question. Most company policies only allow access to those working on a specific product - need to know basis. One reason is that it's a security issue. It has a lot to do with access, permissions and governance of certain projects and products. It's like, for instance, if you have a company that has a research department, and also a financial department, and an accounting department, the people from research wouldn't have access to the other two departments, and the other two departments wouldn't have access to each other's information. Matter of fact, no two people in either of those departments would have access to anything the other is working on because it's sensitive information. Now turn the situation around. In IT, Engineering, Research, Tech, it's the same thing. Especially since the projects that are being implemented are being done so for clients... and that is invaluable information that isn't supposed to be shared outside of the team - or anyone not allowed by the Project Owner, stakeholders, etc., because it belongs to them, they own it and their money is invested in it. There are such things as privacy policies - especially in the US - and people can get sued for things like that. That information is protected. I know this because in high school, I volunteered at a hospital. They have this thing called HIPAA. Google it, but it's specifically for the health industry. Some of those same practices are true for industries in the US. It has to do with protected information. As far as being on other people's projects and platforms, unless there was a security issue (cyber-attack, stealing of information or resources), only authorized users should have access to certain platforms. In the case of a security issue, the manager of the team would have someone from IT security department handle it.

Non-IT or any employee not authorized on a project should have access to that project without permission from the right admins or those responsible for that project. 1) it's a security issue and risk, 2) depending on who gets ahold of that project could sabotage the project, whether by accident or whether maliciously, and 3) (and I might get in trouble for saying this, knock on wood), in the USA, where I reside, it's considered cybercrime - literally, I'm not making that up. So, for the best interest of not just the projects, but the clients the project, and those trying to implement the project, I don't think that anyone without the right permissions should have access to the project or anything they aren't supposed to. Let me give a scenario: (this will keep you out of trouble in the future). Here in the US, we have this new thing called transparency - AKA the government monitors every and anything they want to because they can. Take that a step further: someone on the company portal gets mad at another employee - they find their way to someone's computer with their personal and work information. From there, they get on everyone in their household's devices - from laptops to cellphones to IoT devices, to their neighbor's wifi. Perhaps one of the people they did this to calls the police and they get caught. That person, even though playing around, doesn't go to jail. They go to federal prison doing 25 years to life in lock because, in this country, cybercrime is considered a federal offense, and in some cases, depending on where you're from (because Americans are ignorant - I know because I am one), if you are the wrong skin color or the wrong nationality, based on American social bias, they could say "that person is a threat to National security". I know it sounds bad, but land of the free is really land of the "we got laws - and it's guilty until proven innocent". Ask a bondsman.

Long story short (I know, kinda late for that), stay safe and stay out of trouble. Things like that happen a lot, and everyone here is good people. We need to respect each other's stuff. This is coming from a nobody who has seen this stuff described actually happen.

Mia Paulin
Contributor
April 26, 2023

@mention I wasn't trying to offend anyone, but that stuff really happens here.

Roy Keyes likes this
Roy Keyes April 26, 2023

Thank you for your answer, long as it may be, it was informative. I am aware of HIPAA (I worked in the hospital early in my IT career as an intern doing data processing and then 10 years doing research data, software, etc).

One thing that applies here is that these individuals are not necessarily needing anything, but visibility into the work (or that is the case being made).

I have the ability to make changes, but am technically just a user of Jira Software and not the "owner" of the system. I am asking this question as an advice route, on how to advise on "best practices" for giving visibility without giving too much access to those in leadership who are really just wanting to "watch."

Roy Keyes April 26, 2023

@Mia Paulin not offended at all, just out here trying to find answers, do research, before making decisions. It is all good.

Mia Paulin
Contributor
April 26, 2023

@Roy Keyes I would talk to the person in charge of the project and ask to be shown aspects because, how do I say this - as far as security goes, it's not for those who just want to watch and see progression; it's put in place for protection of the products and things like security breaches, things like malicious code, ransomware, Trojan horses (which can crash a program and the entire computer, along with all software and devices attached to that computer), things like worms (a form of malicious code that can multiply itself and bring down an entire network - not just LANs, but sometimes WANs that can scale an entire network's infrastructure or everyone that makes it up - on a global scale), or the wrong person - a black hat hacker - getting access to the system or anyone on the dark web, and causing all types of chaos. So, it's not meant for people who just want to observe progress; certain things are in place to protect the company's data - and in doing so, the company as a whole - from malicious attacks. And, it's not always outsiders that do this. In a perfect world, everyone in a company should be trusted. But, statistics show that the majority of cyber-attacks on companies come from within. And, I'm not saying that's the case, but it does happen. And a lot of it is unintentional. It could be someone doing something completely innocent and not knowing all of the dangers out there and either doing something that they don't know is a risk, or that person simply being socially engineered. That's when someone cons them into giving up personal or company information because the person socially engineering them purposefully comes across as legitimate. Then, after that person gets this information, they use what they acquired and can perform cyber-attacks.

Did the person they stole the information from know they were doing it (and that's what social engineering is - a form of cybercrime that allows the attacker to steal from an unsuspecting individual)? No, they are completely innocent. But, was unaware of the risk because that's one of the weapons social engineers use. There is also the other side of the internal spectrum of an internal attack - the attacker knew what they were doing and hacked the company. These types of things happen all the time in companies around the globe. So, it's not meant for those who just want to know status or progress - it's protecting that data and information of the company, its clients, and even its employees. In my opinion, the best way to observe or to see progress would be to ask. It's a good company with a lot of friendly people. None of us bite. I hope this helps.

Mia Paulin
Contributor
April 26, 2023

@Roy Keyes Another thing I think that helps a lot of companies here is security training for not just IT staff, but Non-IT staff. It helps people understand the risk out there and how to better protect, not just the company, but themselves, because company data and information aren't the only things that can be put at risk, but the employees - even upper management, themselves. A lot of companies train people not just on security policy, but how to protect their own information and data from being stolen or from cyberattacks.

Roy Keyes April 26, 2023

@Mia Paulin I understand all of the above risks, I've been in IT in various areas from systems administration to development. My problem is really a misunderstanding of the tools by the one running our Jira Software instance and a political struggle over who makes the final decisions. I also know that the company is actually implementing security training as well, to solve for the above issues, or try to.

Really, I just need good evidence on the proper setup, to allow "overseers" of the software development process, without giving up keys to everything in the system.

I'm having a hard time making the case for good reporting, dashboards, Confluence, without the need to give out agent licenses.

0 votes
Mia Paulin
Contributor
April 26, 2023

see previous
