- Type: Suggestion
- Resolution: Unresolved
- Component/s: Rule - Edit Details
Issue Summary
Currently, by design, any account that is added as a project administrator can go to the Automation page, create an automation rule, and select the Automation for Jira system account as the rule actor.
As an example, if the rule performs major changes to an Asset schema (a write operation to any attribute), any project admin can unintentionally change the schema using the Automation for Jira system account, which can create issues for the Asset schema admins.
This happens because the Automation for Jira account automatically gets permission to read and write Asset schemas even though they are restricted.
Steps to Reproduce
- Make any account a project admin.
- Create an automation rule using the Automation for Jira account as its actor.
- Use any Asset attribute update action in the rule to perform changes in the schema.
Expected Results
We should have the ability to show the Automation for Jira account in the Actor drop-down of an automation rule only to certain users, so that not everyone can use this account to perform unnecessary changes in the Asset schema. Alternatively, in Assets, we should have the ability to restrict changes to certain accounts and block them for the Automation for Jira system account.
Actual Results
Currently, the Automation for Jira system account automatically gets permission to perform read/write actions in Asset schemas even though they are restricted to certain accounts, and there is no way to block this operation. Any project admin can use this system account to perform any changes to Asset schemas.
Workaround
Restrict project administrator permission to authorised individuals.