I am trying to understand the level of access which the Groovy Script Runner has to the DB. Given that it can rename users, I assume it has update access. Assuming that the DB user which JIRA is using to access the DB has permissions on other DB's, could the plugin actually open new connections to them? Assuming the user making the connection has the right permissions, can the plugin modify other user's permissions? Can it execute arbitrary SQL?
Like *all* plugins it has full access to the db, and to the server that jira is running on (as the user jira runs as).
I frequently use the script runner to pop up an xterm on my workstation where I can do what I want on the jira server (as the user running jira). Put it like this: it can do everything a plugin can do, but no more, and no less. The only difference is it's easier.
> Assuming the user making the connection has the right permissions, can the plugin modify other user's permissions?
Like all plugins, yes.
> Can it execute arbitrary SQL?
I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs