Secure Admin for Jira Data Center / Server
This plugin allows you to restrict access to the five administration tabs: Projects, Issues, User Management, System and Add-ons. This allows you to share the administration tasks. such as user management, to other users reducing your workload, allowing for quick turn around time and scalability. Even though more users have access to the administration area access to sensitive areas can be restricted to particular users.
When a user attempts to access a tab that they don't have access to a message is displayed telling them that access is denied.
By default, the Secure Admin plugin allows the same access level to the administration tabs as normally applies. Restriction of access is done by specifying which users have access to particular tabs. Below is the Secure Admin configuration screen that specifies access. This is located on the Add-ons tab.
Initially, all fields are blank. A blank access field means that there is no restriction on access, anyone who normally has access to the admin tabs has access to tabs with no users specified in this field.
Near the top of the page is the Super Users fields. If a user is mentioned in this field then they have access to all admin tabs, this configuration page, all sub-tabs and all pages mentioned in custom access. If a user is in the Super Users field then it is the same as if their name is mentioned in all of the admin, configuration, sub-tab and custom page fields. If for the example above, we added a super user Sarah Conner then only Sarah would be the only user that has access to the Project tab.
By specifying users in the access fields you restrict all access to only the users specified. For example in the screenshot above:
Only Paul Clark and Joe Bloggs have access to the Applications and User Management tabs
Everyone (with admin access) has access to the Projects tab
Only Paul Clark and Chad Vader have access to the Issues tab
Only Paul Clark has access to the System and Add-ons tabs
Sub-Tab Access - Only Chad Vader has access to just the Services menu item in the System tab. You can have as many sub-tabs accesses as like.
Custom Access - Only Paul Clark has access to the page whose URL ends with StructureAdmin
Project Admin Access - Only Paul Clark has access to the Delete Project page for all projects.
In the middle, there is the for Sub-Tab Access section. This allows you to specify which users have access to any sub-tab page. In the example above Chad Vader has access to the System tab but can only see the Services sub-tab (all others have been removed). Examples of sub-tab access are: if you want to restrict access to the Incoming Mail tab on the System menu you would: navigate to the page, for the pages URL (/myjira/secure/admin/IncomingMailServers.jspa?id=5) enter the last part of the URL address without the extension, i.e. admin/IncomingMailServers), select System for Top Tab and enter the users who will have access. If you get a URL that ends like /secure/admin/user/AnonymizeUser!default.jspa?id=10234 then you would enter user/AnonymizeUser and for a URL like /secure/auditing/view# you would use view or even auditing/view.
Next is the Custom Access section. This section allows you to restrict access to top-level tabs of other plugins. In the example above the Structure plugin has added another top-level tab called "Structure". The page displayed when this tab is changed to is "/myjira/secure/admin/StructureAdmin!view.jspa". In the example above the Page Name is StructureAdmin (taken from the URL after the last / and before any ! or .) and access is restricted to Paul Clark. More than one page can be specified by delimiting the page names with commas.
Lastly is the Project Admin Access section. This section allows you to specify who has access to the Delete Project, Issue Collector and Reindex Project pages in all projects admin screens. If no users are specified then everyone with Project Admin have access otherwise only the users specified have access.