Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-11307

Insight - import behaviour for Schema Manager who's not an Insight Admin



    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • 4.22.0, Insight 9.1.6, Insight 8.9.8
    • Assets - Import
    • None


      Issue Summary

      The following behavior wasintroduced on Feb 16th with the release of JSM 4.22.0, Insight Bundled 9.1.6 / Insight 8.9.8 - Previous version is working as expected.

      A Schema manager, who is not an Insight / Jira Admin:

      • Can access and Configure ANY import configuration (excluding DB & LDAP, where the User cannot save configuration), edit the configuration and save it, indicating any Schema Manager/ Insight Admin as the Synchronizing Account - this is the expected behavior.
      • The same User may be able to trigger a Sync - right after saving the configuration, but the Progress will be stuck at 0%
      • A while later, the User will get a "Sorry, You do not have Permission to perform this action" Error when attempting to synchronize the Import he himself configured, if the same User is not indicated as the synchronizing Account.
      • The User can initiate any Import within the schema using REST:
      • The User CANNOT view the Progress of an Import he just initiated using REST:
        Response: 403 - "Sorry, You do not have Permission to perform this action" (reflects the UI behavior)
      • The User can navigate to Process Results, and see there is an Import in Progress, but clicking on "View Progress" will get the 403 response.
      • Once the Import is complete - the User can view the Process Results summary

      Steps to Reproduce

      1. Configure a user as a Schema Manager, make sure the User is not an Insight Admin
      2. while logged in as the Schema manager - configure an Import, and set another Schema Manager as the Synchronizing Account. Save the Settings
      3. Try to Trigger the Import in the UI / using REST API
      1. Try to get the Progress via REST

      Expected Results

      User who is also a Schema Admin can configure any import except DB, LDAP).
      The same User can synchronize any import already configured.
      The User can view the Progress of any import.
      The User can view the process results.

      Actual Results

      As detailed above:
      The User may configure an import, but can sometimes synchronize it.
      The same User can Trigger the Import using REST but not always in the UI.
      The User cannot view Progress (UI / REST).
      The User can view the process results.



      Either set the User Authenticating the API as the Synchronizing Account, or, add the Authenticating User to Insight Admin Role (granting the user permission to ALL Schemas )


        Issue Links



              Unassigned Unassigned
              8cdc82c96fd5 Yinon Negev
              0 Vote for this issue
              3 Start watching this issue



                Backbone Issue Sync