Background
Apps on the cloud version of Jira are a bit different from server/DC variants. Cloud apps have a peculiar user, ‘App user’, on the instances where they are installed. This app user has access to all Jira projects, so it can potentially be exploited (within the context of ARN) to bypass project restrictions and fetch issues from Jira that one would otherwise not have access to.
To prevent such a possibility, we are introducing a new parameter for rules called ‘Run rule as’.
Configuration
As a Jira admin, navigate to the Jira Apps menu from Jira settings >> Configurations within the Automated Release Notes section >> ARN Rules tab. This is where the option ‘Allow rules to be run by App user’ can be turned on.
By default, it is turned off for all the instances & we DO NOT recommend turning it on. If it is turned on, then ARN end users can potentially create templates to fetch information that is not visible to them via Jira due to their permissions.
When turned on, the Jira admin can also configure the default value to be either ‘Creator of rule’ or ‘App user’.
Impact
Imagine that Alex created a rule in ARN some time ago and then left the organization, so his Jira account was deactivated/deleted. If the rule was configured to be run by ‘Creator of rule’, it will now fail to fetch Jira issues because Alex doesn’t have access to Jira anymore.
In such scenarios, clone the rule and then delete the older one. The new rule will have a new creator and it will work as expected.