Uploaded image for project: 'Automation for Jira Server'
  1. Automation for Jira Server
  2. JIRAAUTOSERVER-522

Automation Rule project permission allow user to copy the Authorization header

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Configuration
    • 0

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem

      With the project permission configured in the automation rule, project admin can still access to the System Admin user Authorization header information from the Send web request action:

      But I am a sys-admin and can not deposit one my personal token in a project automation where every project admin can read my token and use it for some obscure operations. This is affects the security of our Jira instance.

      Suggestion

      It would be great if the whole automation rule configuration field was disabled to access or copy from it.

      Another option would be to hide the automation rules without being seen under Project Settings > Project automation > list.

        1. image-2022-08-17-16-51-21-528.png
          image-2022-08-17-16-51-21-528.png
          105 kB

            0291f5616540 Konrad Plasota
            ckimloong John Chin
            Votes:
            28 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated: