Secure Admin for Jira Data Center
This plugin allows you to restrict access to the five administration tabs: Projects, Issues, User Management, System and Add-ons. This allows you to share the administration tasks. such as user management, to other users reducing your workload, allowing for quick turn around time and scalability. Even though more users have access to the administration area access to sensitive areas can be restricted to particular users.
When a user attempts to access a tab that they don't have access to a message is displayed telling them that access is denied.
By default, the Secure Admin plugin allows the same access level to the administration tabs as normally applies. Restriction of access is done by specifying which users have access to particular tabs. Below is the Secure Admin configuration screen that specifies access. This is located on the Add-ons tab.
The first field on the Secure Admin page is for entering notes. This allows you to record any information that is relevant to the configuration.
Under the notes field is the "Access specified using" buttons. You can choose either Users or User Groups as the method for specifying who has access. Warning: If you use User Groups then be aware that anyone who has access to the User Groups page will be able to add themselves to groups and change what pages they can access.
The Full Access section allows you to specify super users / user groups that will have access to all admin pages (except the Project ones). For the example above, the user Ellen is included as though she was in all access fields that have a "Super+" or "S+" indicator (i.e. it is the same as if Ellen was in the Applications, Projects, Issues, User Management, System and Manage Apps fields).
If the "Don't Include Users / User Groups in Field Count" checkbox is checked then the users / user groups still have access to all the admin tabs, admin sub tabs, configuration page and custom pages but if the field is empty it will now be accessible to all other admin users (see the Access To Admin Tabs section for more details).
Access To Admin Tabs
This section specifies who has access to the standard admin top-level menus. If the field is empty and there are no super users / user groups specified or super users / user groups are specified and "Don't Include Users / User Groups in Field Count" then all admins will have access to this tab. In all other cases on the users / user groups specified (including super users / user groups) will have access.
So for the example above Ellen has access to all Admin Tabs, Han and Sarah only have access to Issues and User Management and all other admin user have no access at all.
Configuration Page Access
This field specifies who has access to Secure Admins configuration page.
Admin Sub-Tab Access
The section specifies access to the sub-tabs within the admin tabs.
If you want to restrict access to the Incoming Mail tab on the System menu you would: select System for Top Tab, in the page field enter the last two parts (without the extension) of the URL (if the pages URL is \"/myjira/secure/admin/IncomingMailServers.jspa?id=5\" then the last two parts are admin/IncomingMailServers), optionally enter a description and enter the users / user groups who will have access.
If you get a URL that ends like /secure/admin/user/AnonymizeUser!default.jspa?id=10234 then you would enter user/AnonymizeUser and for a URL like /secure/auditing/view# you would use view or even auditing/view.
In the example above, Sarah doesn't have access to the User Management tab but she does have access to the anonymizer sub tab. So when she navigates to the User Management tab she will only be able to see the User Anonymizer sub-tab. Ellen will also have access to the Anonymizer sub-tab.
Custom Page Access
The section allows you to restrict access to any top-level menus, excluding the standard Jira admin tabs.
To add a page, select the top level tab (i.e. http://mydomain.com/myjira/secure/admin/StructureAdmin!view.jspa), copy the part of the URL after the last / and before any ! or . characters (i.e. StructureAdmin), go to the Secure Admin page and for the page field enter the URL page (StructureAdmin in this example), optionally enter a description and then enter the users / user groups who will have access.
For the example above, Sarah and Ellen will have
Project Admin Access
This section allows you to add/remove access to the project admin tabs.
To restrict access to the Delete Project tab (i.e. http://localhost:8088/myjira/secure/project/DeleteProject!default.jspa?pid=10000&pcp=true) you would navigate to the page, copy the last two parts of the URL, up to the ! or . characters (i.e. project/DeleteProject in this case), go to Secure Admin, add a new project sub menu item, enter the partial URL (project/DeleteProject) into the page, optionally enter a description and then enter the users / user groups who will have access.
If the URL contains the project key (i.e. for the MCIT Project Screens, http://mydomain.com/myjira/plugins/servlet/project-config/MCIT/screens) then replace the project key with %PKEY% (i.e. the page would be %PKEY%/screens)
For the example above, Frank would be the only user that would have access to the Delete Projects page. It would not be visible to any other users.
The Custom Message field allows you to specified a custom message that any users denied access would see. If this is blank then the standard message (Access Denied) would be displayed.