Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do i restrict JIRA administrators to create, edit or delete issues?

NoahH
NoahH
Contributor
May 17, 2017

My application is connected with JIRA via Application Link and is using OAuth scheme for user authentication. So far so good. The main idea of app was to continiously provide info in realtime about issue changes to the application user. For this purpose, I was using rest api for creating a webhook during configuration process in app. Using webhook rest api requires JIRA Administrator permissions, and this is constantly frightening some users during the OAuth dance, because they believe that app can "hack" JIRA instance.

One way to solve this is to rid off the automatic webhook creation during configuration flow, and ask user to create it themselfs. 

But, maybe there is a way to create such JIRA Administrators like group, whose users can only have read permissions on jira issues, but can work with webhooks via rest api?

Answer
Watch
Like Be the first to like this
367 views

1 answer

0 votes
Renjith Pillai
Renjith Pillai
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 17, 2017

I don't think that is currently possible. A possible approach is to build a simple add-on for JIRA and move that webhook creation logic into the add-on which internally exposes a single api for your app to consume. You can then have a validation in the api to check for `current logged in user` to belong to a specific group in JIRA to determine if the user has rights. 

https://developer.atlassian.com/display/DOCS/REST+Plugin+Module

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.