[JIRAAUTOSERVER-522] Automation Rule project permission allow user to copy the Authorization header

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Configuration
Labels:
- iq-a4j
- ril

UIS:
0
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Problem

With the project permission configured in the automation rule, project admin can still access to the System Admin user Authorization header information from the Send web request action:

But I am a sys-admin and can not deposit one my personal token in a project automation where every project admin can read my token and use it for some obscure operations. This is affects the security of our Jira instance.

Suggestion

It would be great if the whole automation rule configuration field was disabled to access or copy from it.

Another option would be to hide the automation rules without being seen under Project Settings > Project automation > list.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

image-2022-08-17-16-51-21-528.png
17/Aug/2022 2:51 PM
105 kB
John Chin

relates to

JSWCLOUD-22729 As an admin, I want to be able to hide values in automation rules, e.g. web requests using tokens in header

Closed

links to

Internal ticket

Cristian Iorio added a comment - 16/Feb/2023 3:46 PM

In my opinion it is absurd that a solution to this is not yet available. I believe that almost all Security departments will no ifs and buts mouth the implementation of similar automations. Please consider the request quickly and carefully, this way the action related to HTTP requests is almost unusable!

Cristian Iorio added a comment - 16/Feb/2023 3:46 PM In my opinion it is absurd that a solution to this is not yet available. I believe that almost all Security departments will no ifs and buts mouth the implementation of similar automations. Please consider the request quickly and carefully, this way the action related to HTTP requests is almost unusable!

Tommy Augustine added a comment - 18/Aug/2022 7:32 PM

This would be super helpful for me as a Cloud Admin! Great Suggestion!

Tommy Augustine added a comment - 18/Aug/2022 7:32 PM This would be super helpful for me as a Cloud Admin! Great Suggestion!

Assignee:: Konrad Plasota

Reporter:: John Chin

Votes:: 28 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 17/Aug/2022 2:55 PM

Updated:: 15/Jan/2025 4:32 AM

Details

Description

Problem

Suggestion

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Cristian Iorio added a comment - 16/Feb/2023 3:46 PM

Expand comment: Cristian Iorio added a comment - 16/Feb/2023 3:46 PM

Collapse comment: Tommy Augustine added a comment - 18/Aug/2022 7:32 PM

Expand comment: Tommy Augustine added a comment - 18/Aug/2022 7:32 PM

People

Dates