Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Notification on change of issue security schemes

Colinda Goormans-Francke
Colinda Goormans-Francke March 28, 2019

One project in our Jira database contains issues that should not be accessible by all administrators. I have put an issue security level on them but administrators can change the Project permissions and the Issue security scheme. So they can add themselves to a certain security level.I tried to find a way through the project permissions to restrict this but seen that administrators can change the project permissions, this does not work. 

An alternative could be that I receive a notification when a security level was changed but I don't find how to do this. Does anybody have an idea? Of course, then the person with administrators rights could remove the notification before changing the security level... 

It's really not possible?

Thank you for reading my problem,
Colinda

Answer
Watch
Like Be the first to like this
560 views

2 answers

0 votes
Melanie Pasztor
Melanie Pasztor
Contributor
October 9, 2019

Once someone has jira admin, especially system admin, access, cannot completely secure against them, if they are determined to do so.

One solution is making sure you can trust your admins with information that does not relate to their role, and that they are able to respect their sensitive nature if they come across it. With myself, I have to get clearances and security checks to be admin just because I can come across sensitive info on a Jira instance I am responsible for. 

The other solution is have a dedicated Jira instance on a different server that is limited to the people cleared to access, including admin. It is a hassle, but there are companies who create instances for new projects, and then archive it once said project is completed. All the while compartmentalized from other teams and employees on their network.  

Reply
0 votes
Colinda Goormans-Francke
Colinda Goormans-Francke April 2, 2019

From the absence of any reaction, I guess it is not possible with a listener or notification. Then I am looking at the audit log. I am just wondering whether someone with administration rights could change the audit log somehow by modifying a file somewhere on the system?

How is this audit log information stored?

The concern here is to make sure that all who have administration rights can not change project permission scheme or issue security level without this being visible to other administrators. We have several and they do need to be Jira administrator but ideally some of them should not have access to all issue content as it may contain sensitive information. Hence my question how secure is the audit log?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.