What is the best way to limit the account used by Jira Mobile Connect (API) so that it can submit issues but otherwise does not really have access to any other projects or even other issues in the same project that it is submitting against? We don't want to expose ourselves unnecessarily.
Thanks in advance for the guidance.
This may not be the best or most elegant way to handle this, but here's what I did:
We added additional security that limited the scope of jira access from "outside" and this is where we have landed. If only Atlassian cared to document some best practices (and/or care about security) we would _know_ if this was the best way to handle this within the contraints of their software.
I would like to see an authoratative answer on this from Atlassian--its vital to the successful deployment of the product!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.