I am trying to understand the level of access which the Groovy Script Runner has to the DB. Given that it can rename users, I assume it has update access. Assuming that the DB user which JIRA is using to access the DB has permissions on other DB's, could the plugin actually open new connections to them? Assuming the user making the connection has the right permissions, can the plugin modify other user's permissions? Can it execute arbitrary SQL?
Cheers,
Boris
Like *all* plugins it has full access to the db, and to the server that jira is running on (as the user jira runs as).
I frequently use the script runner to pop up an xterm on my workstation where I can do what I want on the jira server (as the user running jira). Put it like this: it can do everything a plugin can do, but no more, and no less. The only difference is it's easier.
> Assuming the user making the connection has the right permissions, can the plugin modify other user's permissions?
Like all plugins, yes.
> Can it execute arbitrary SQL?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.