We have merged our Atlassian licensing and consulting business with our partners over at Seibert Group. The Actonic apps will continue to be developed by the same caring team as before.
Read more...

More than just data privacy: Permission monitoring in Jira

By Patricia Modispacher15. October 2021Reading time: 4 minutes

Data Protection and Security Toolkit for Jira und Confluence is one of the world's most effective security suites to ensure data privacy compliant work with Jira. It not only provides the obvious benefits such as easy generation of automatic user consent queries or data storage notifications: Actonic's data protection tool also makes life easier for system administrators. Data Protection and Security Toolkit for Jira allows you to demystify the complexity of user role and permission configurations in Jira with just a few clicks!

Learn more about how system administrators benefit from Actonic's Data Security tool!

The daily challenges for system administrators

Many of the tasks performed by the system administrator can be time-consuming, such as maintenance and configuration of user accounts, authorizations, and access rights. In your regular work, you keep complex systems in top condition and always bear a great degree of responsibility – especially when it comes to complying with data privacy laws. After all, even minor violations can result in heavy penalties. And as the person in charge, you are responsible for any errors that occur in your system.

In order to guarantee the security of the system, it is essential to quickly gain insight into which user (groups) have which rights, so that you can trace any incidents or peculiarities and follow them up appropriately. But managing permissions for individual user IDs in Jira can be very confusing, especially when there are many users to deal with.

Many clicks are necessary to find out which employee has access to which dataset and how exactly the permissions are assigned.

What are (Jira) permissions?

In general, permissions define the access that a user or user group has to a specific resource (a project, an issue, etc.). Permissions can vary from object type to object type. However, the common permissions are: reading, editing, changing owner, and deleting.

In Jira, permissions are the settings that control what users can see and do within specific applications.

Permissions address for example the following questions:

  • Who can create new projects?

  • Who has access to which project?

  • Who can create issues?

  • Who can post a comment?

  • Who can run a sprint?

  • Who can watch which issue?

  • Who can delete tickets?

The type of permissions differs within Jira applications and from project to project. Consequently, there are numerous permissions that a person can have. The best practice for Jira is that rather than assigning permissions at the user level, to group the permissions into a role. In this way, you can create a role which should be the “actor” for a particular set of changes in a project, such as Scrum Master, who can start, close and assign work to a Sprint. This makes sense in the context of the project administration. But from the data management point of view, it can mean that it is more difficult, at a glance, to understand exactly how much permission, and to which areas of Jira, that an individual user has.

And this is where our Data Protection tool becomes interesting for system administrators.

Permission Monitoring in Jira

Imagine that you as a system administrator want to find out which projects an employee has access to. If you use Jira without our app, you can’t see in the Jira User Management which projects the employee has joined. Group assignments are also not visible at a glance. You can’t just select a specific group and see all the permissions in the system.

It takes a lot of work to find out all permissions from one person in the system. Without Data Protection and Security Toolkit for Jira, system administrators have to look in every single project. It takes many clicks and even more time to get the information they need — and then it’s not presented in an appealing visual way.

Problems with Jira Permission Monitoring

  • Lack of an overview of thousands of permissions

  • Security vulnerabilities occur due to incorrectly assigned permissions

  • Critical audit findings during tests, if authorization assignments are not traceable

  • Lack of acceptance of the role model in the departments

Implementing Actonic’s Data protection tool can shed light on all the darkness of Jira authorization monitoring.

Permission Monitoring with Data Protection and Security Toolkit

The Permission Monitoring module provides the ability to track and view 2 types of permissions:

  • Current permissions: This is a list of all current project permissions for a specific user, group, or an entire project.

  • Historical permissions show a history of all permission changes for a user, group, or project.

Current permissions – filter options

Filter by user, users in groups or projects.

Historical permissions – filter options

In the historical view you can see users (in groups), projects, event types and time periods.

Using the dropdown menu, you can filter by date, person, or event type. This way, you can directly see when a user had which rights.

To save the information adequately, export it as CSV, for example.

Use case: Onboarding

The benefits of Data Protection and Security Toolkit for Jira are best seen in a typical use case, onboarding. Imagine a new employee has been trained, and you want to check if he has the proper rights in the corresponding projects.

How do you proceed?

  1. Jira’s style: Click through the entire Jira instance from project to project and see if everything fits, which takes several minutes if not hours in total.

  2. Actonic’s style: Or filter by the newly created user and see in one view which rights he has in the complete system.

The easiest and fastest way to do this is to use the “View Permission” module from Data Protection and Security Toolkit for Jira. With this view, you will not see the uninformative group titles first, but directly the individual permissions.

Conclusion

One of the most important requirements of the GDPR and other data privacy laws such as CCPA is that you as a system administrator must always know who has access to personal data. You need to document these permissions, which is easy thanks to the visual permission analysis. With user monitoring, you can easily track who had or still has which rights and when.

With Data Protection and Security Toolkit for Jira, you guarantee data protection-compliant work in Jira and solve other problems for which you are responsible along the way. Let our add-on boost your productivity and efficiency, all while making you look like the smartest person in the room! Data Protection and Security Toolkit for Jira is a great solution to a what otherwise could be a very costly and dangerous liability for your company, in terms of risk, fines, and reputation. So, you see, our Data Protection suite can do much more than just data protection!

CCPA, GDPR, HIPAA and more: easily manage all of them!

  • Handle all sensitive and personal data
  • Be safe with risk-free data protection
  • Also ready for: CCPA, HIPAA, LGPD, etc.
Go to Atlassian Marketplace

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

Related Posts

  1. Article 15 GDPR with Atlassian products: The access right in Jira & Confluence
  2. Roles and Responsibilities of a Data Protection Officer
  3. Sprint permissions
  4. A comparison of the different administration levels in Jira
  5. Jira custom reports: custom Jira Scripts with Report Builder | part 1