Run rule as

Background

Apps on the cloud version of Jira differ from their server/DC variants. Each cloud app has a special user, the App user, on the instances where it is installed. This App user has access to all Jira projects, so it can potentially be exploited (within the context of ARN) to bypass project restrictions and fetch issues from Jira that a user would otherwise not have access to.

To prevent such a possibility, we are introducing a new parameter for rules called Run rule as.

Configuration

As a Jira admin, navigate to the Jira Apps menu from Jira settings >> Configurations within the Automated Release Notes section >> ARN Rules tab. The Allow rules to be run by App user option is available here.

By default, it is turned off for all instances, and we DO NOT recommend turning it on. If it is turned on, ARN end users can potentially create templates that fetch information their own Jira permissions would not let them see.

When turned on, the Jira admin can also configure the default value to be either Creator of rule or App user.

Impact

Imagine Alex created a rule in ARN some time ago and later left the organization, so his Jira account was deactivated or deleted. If the rule was configured to be run by Creator of rule, it will now fail to fetch Jira issues because Alex doesn’t have access to Jira anymore.

In such scenarios, clone the rule and then delete the older one. The new rule will have a new creator and will work as expected.