  1. Jira Platform Cloud
  2. JRACLOUD-91357

Modern & Granular Permissions Management


      Problem

      • Predefined Jira user groups are not flexible.
      • Predefined Jira user groups do not support the principle of least privilege.
      • Predefined Jira user groups do not support the principle of separation of duties for all use cases.

      Impact

      • For some use cases, we have to implement operationally painful security controls to enforce separation of duties.
      • We cannot prevent users from exfiltrating data using Jira Automations.
      • We cannot prevent users from exfiltrating data using Jira API tokens.
        • We cannot prevent the creation of API tokens altogether.
      • For some use cases, users require global permissions to complete tasks (when they don't need broadly global permissions; this is against the principle of least privilege).
      • We are unable to permit several teams to adopt the platform due to lack of least privilege/separation of duties controls.

      Suggestion

      • Allow customers to define custom roles with granular entitlements.
        • Leverage AWS, Azure, and Slack's API-based entitlement models as a starting point. These are gold-standard user permissioning designs.

              Assignee: Unassigned
              Reporter: Luke Synnestvedt
              Votes: 4
              Watchers: 5
