script runner separation - seriously?

Tomas Karas November 6, 2019

Hello community,

I'd like to question and challenge the current scriptRunner code when it comes to handling the jira-administrators and jira-system-administrators separation being applied in Jira. This can be due to various reasons, for example one team being responsible for the platform being up and performing, and the other only responsible for doing support-related tasks for users requesting configuration changes.

ref: https://confluence.atlassian.com/adminjiraserver072/managing-global-permissions-828787760.html

Effectively, with script runner including the script console, any user can do and execute anything as the account that runs Jira, possibly even grab the LDAP configuration from the database, aside from creating/modifying/deleting files in the filesystem.

So my question is as follows: if Jira already has separation of these roles built in, why does such a powerful tool ignore it?

I would ask about Confluence as well, but there Atlassian is seriously behind, because they offer the separation in global permissions, but at the end of the day the confluence-administrators group is hard-coded nearly everywhere anyway.

//Tomas

1 answer

1 accepted

0 votes
Answer accepted
Peter-Dave Sheehan
Community Leader
November 6, 2019

Do you know that you can manage script edit permission via the /plugins/servlet/scriptrunner/admin/settings page?

You can't remove the system-admin permissions, but you can decide which other admin groups to include.

Tomas Karas November 19, 2019

That works, except it literally restricts all scriptRunner access.

Even parts that are just workflow-related, which use nearly the same access as the non-system-admin group.
