By default, Software project types in JIRA are visible to all JIRA users. This might pose a potential security problem since all your JIRA users will be able to see and possibly access your company’s software projects. Having setup and customized JIRA for numerous customers and projects in the past this is one of the first issues you should definitely deal with from a security perspective. This post serves as quick note on how to disable access to all JIRA users for software projects types by default and configure access on project based settings instead.
Disable access to all JIRA users for software project types
Per default, the permission to browse Software project types in JIRA defaults to all users. to To overcome this potential security issue go ahead and have a look at the Browse Projects permission in your Default software Schema via the Permission Scheme settings, as shown below:
As you can see by default the Browse Projects permission includes Application access for Any logged in user. Since this setting supersedes the Project role related setting all of your JIRA users will be able to see your software projects by either browsing through the projects list (hence the permission named “Browse Projects”) or by simply using direct links.
Now since we want to set permissions on project level for our users we need to remove the Browse Projects permission setting for the Application access and only use the Project role instead. The screenshot below shows the correct setting for project based browse permissions for your JIRA projects:
You are now able to properly configure access to your JIRA software projects on a project based level and your JIRA users will only see those projects they are a member of.
Final hint: Make sure to check your Browse Projects permission for all of your remaining permission schemes. As always, enjoy JIRA 🙂
In order to automatically track and link the progress of your JIRA issues based on your developers’ commits in your Github repositories make sure to checkout the JIRA DVCS connector addon.
It only takes a few simple steps to link your JIRA projects to your GitHub repositories to streamline your agile workflow, as shown below. First, you’ll need to register a new application for your main GitHub account, in order to generate OAuth tokens required to link JIRA to GitHub:
Choose JIRA DVCS for the application name and your full base URL of your JIRA cloud-based setup for Homepage URL and Authorization callback URL:
Once you’ve registered your new application you will get the OAuth tokens (client ID and client secret) required by the JIRA DVCS connector:
Now that you have your OAuth tokens it’s time to setup the JIRA DVCS connector. Thus, open the Administration > Source Control > DVCS Accounts tab in JIRA and select Link BitBucket or GitHub account:
There you’ll need to enter the OAuth tokens generated in GitHub:
Feel free to select Auto Link New Repositories and Enable Smart Commits when needed. Once you’ve added the tokens you get a list of your authorized GitHub repositories (public and private, depending on the permissions chosen for the GitHub application) that are now available to JIRA:
The last thing to do is to check that your developers have the proper rights for the View Development Tools permission:
Now that everything is set up properly remind your developers to use the JIRA issue ID in the commit messages so that the JIRA DVCS connector is able to automatically assign commits to your issues.
Sometimes you might want (or need) to change the default date-time format set in JIRA. Out of the box the format is set to d/MMM/yy, which translates to for instance 1/Jan/13.
Luckily, this setting can be easily edited through the administration interface under System » General Configuration » Advanced (scroll down the General Configuration page), as shown below:
In order to change the format for dates and date-times you need to look for four options:
In case your settings do not match you will get an error such as “Please enter the date in the format “d/MMM/yy” when trying to save dates using the date picker.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.