Jira: Configuring access controls

Updated on
January 13, 2023

Get a free security audit today

I accept the terms and conditions

Access controls are a key component of identity and access management (IAM), and are used to determine who is allowed to access which resources within your Jira instance. In this technical reference guide, we will walk through the process of configuring access controls for your Jira resources.

Prerequisites

Before configuring access controls for your Jira resources, you will need to have the following:

  1. A Jira instance that you have access to as an administrator.
  2. A list of the resources that you want to control access to, including servers, applications, and data.
  3. A list of the users and groups who should have access to these resources, along with the permissions that they should have.

Step 1: Define your access control policies

Before you can configure access controls for your Jira resources, you need to define your access control policies. This involves deciding which users and groups should have access to which resources, and what actions they should be allowed to perform within those resources.

To define your access control policies, follow these steps:

  1. Identify the resources that you want to control access to. This may include servers, applications, and data.
  2. Determine which users and groups should have access to these resources, and what permissions they should have. For example, you may want to grant certain users read-only access to certain resources, while granting others full read-write access.
  3. Document your access control policies in a clear and concise manner, so that they are easy to understand and follow.

Step 2: Configure access controls in Jira

Once you have defined your access control policies, you can configure the access controls for your Jira resources. There are several ways to do this, depending on the resources that you are controlling access to and the type of access that you want to grant.

Here are a few examples of how you can configure access controls in Jira:

  • To control access to specific projects within your Jira instance, you can use project roles and permissions. Project roles define the actions that users can perform within a project, while permissions define which users and groups are allowed to perform those actions. To configure project roles and permissions, go to the "Project settings" page for the project in question, and click the "Roles" or "Permissions" tab.
  • To control access to specific issues within your Jira instance, you can use issue security levels. Issue security levels allow you to define which users and groups are allowed to view or work on specific issues. To configure issue security levels, go to the "Security" section of the Jira administration console, and click the "Issue security" tab.
  • To control access to specific fields within your Jira instance, you can use field security levels. Field security levels allow you to define which users and groups are allowed to view or edit specific fields. To configure field security levels, go to the "Security" section of the Jira administration console, and click the "Field security" tab.

Step 3: Test and verify your access controls

Once you have configured the access controls for your Jira resources, it is important to test and verify that they are working as intended. To do this, follow these steps:

  1. Log in to your Jira instance as a user with the appropriate permissions.
  2. Attempt to access the resources that you have configured access controls for.
  3. Verify that you are able to access the resources as expected, based on the permissions that you have been granted.

If you encounter any issues with your access controls, you may need to adjust your access control policies and reconfigure the access controls in Jira accordingly.

Step 4: Monitor and review access controls

To ensure the continued effectiveness of your access controls, it is important to regularly monitor and review them. This will allow you to identify and address any issues or discrepancies in a timely manner.

To monitor and review your access controls, follow these steps:

  1. Regularly review your access control policies to ensure that they are still relevant and appropriate.
  2. Monitor the "Audit log" in the Jira administration console for any suspicious activity or unauthorized access attempts.
  3. Periodically test and verify your access controls to ensure that they are working as intended.
  4. Update your access control policies and configurations as needed to keep them up to date and effective.

By following these steps, you can effectively configure and maintain access controls for your Jira resources, helping to ensure the security and integrity of your data and systems.

More Technical Guides

Follow along with one of our reference guides to start securing your Atlassian Jira instance