Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-16059

As a Jira administrator I would like to prevent JSM customers from creating personal access tokens and from authenticating with it

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Customer Portal
    • 2
    • We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      JSM customers are special type of users within a Jira instance, for which sometimes admins may want to restrict access only to a few necessary features.

      JSM customers have the option to manage personal access tokens (PAT) from the customer portal.
      They have the possibility to create tokens and access the REST API with it.

      A Jira admin may want to prevent JSM customers from creating tokens and from authenticating with it.

      It's important to note PATs would still follow the regular product permissions that were given to JSM customers.

      Suggested Solution

      Create a easy way to a Jira administrator to prevent JSM customers from creating and managing PATs.
      There should also be an option to prevent JSM customers authenticating with an existing PAT they previously created.

      Workaround

      Jira administrators may choose to disable the following plugin modules to prevent JSM customers from creating PATs from the portal:

      1. Go to Administration > Manage Apps > Manage Apps.
      2. Filter for personal access tokens and System plugins.
      3. Expand the modules of the Personal Access Tokens plugin.
      4. Disable the following two modules.
        • jsm-personal-access-tokens-model
        • jsm-personal-tokens-servlet

            [JSDSERVER-16059] As a Jira administrator I would like to prevent JSM customers from creating personal access tokens and from authenticating with it

            SET Analytics Bot made changes -
            UIS New: 2
            Security Metrics Bot made changes -
            Labels New: ril
            Security Metrics Bot made changes -
            Remote Link New: This issue links to "Internal ticket (Web Link)" [ 991152 ]
            Thiago Masutti created issue -

              Unassigned Unassigned
              tmasutti Thiago Masutti
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: