Follow these steps to block your sensitive projects in Jira from showing in Slack.

In this article we cover the following:

Jira Permissions

Jira Integration+ fully respects permissions in your Jira configuration and prevents users from updating projects where they don't have access in Jira.  

Default Configuration

By default we utilize the application link connection to Jira to get ticket information for users and base the projects shown on the permissions of the user that generated the Jira connection.   We then request users to authenticate prior to updating issues.  We believe in open environments and feel that seeing the issue name but not being able to see the details or update the issue is acceptable restriction for most teams. 

Result:

  1. Any user can find issues the administrator can view based on Jira permissions
  2. Users must authenticate with Jira to make updates to any issue
  3. Authenticated users can view and update issues based on permissions in Jira

Require Authorization

For teams that want to prevent users from viewing issues prior to authenticating the "Require Jira Authorization" setting can be enabled in your bot settings under https://account.nextup.ai

Result:

  1. Users must authenticated with Jira to view issues based on Jira permissions
  2. Users must authenticate with Jira to make updates to any issue
  3. Authenticated users can view and update issues based on permissions in Jira

Banned Projects

Jira Integration+ also includes the ability to globally disable specific projects in Jira.  This configuration ensures the included projects will never go into Slack from the Jira Integration+ bot.  

To set banned projects login to your account and look for the "Banned Projects" setting.

Permissions Use Cases

To better understand how the platform will react to your actions lets consider the use case below and the resulting output.

  • Default
  • Require Authentication
  • Require Authentication and Mixed Access
  • Blocked Project

Default

Configuration:

  • Channel: General
  • Users: Nick, Susan
  • Project: MAR
  • Jira settings: Nick / Susan (restricted)
  • Jira connection by: Admin (allowed)

Actions:

  1. Nick enters into slack "MAR-12"
  2. Jira Integration+ calls Jira and authenticates as Admin
  3. Jira responds
  4. Slack message created
  5. Nick is able to see the ticket name from MAR
  1. Nick then tries to update MAR-12
  2. Jira Integration+ requires Nick to authorize
  3. Once authorized Jira Integration+ respects permissions in Jira for Nick
  4. Nick is not able to make updates to MAR issues

Require Authentication

Configuration:

  • Channel: General
  • Users: Nick, Susan
  • Project: MAR
  • Jira settings: Nick / Susan (restricted)
  • Jira connection by: Admin (allowed)

Actions:

  1. Nick enters into slack "MAR-12"
  2. Jira Integration+ requires Nick to authorize
  3. Once authorized Jira Integration+ respects permissions in Jira for Nick
  4. Nick is not able to make updates or view to MAR issues

Require Authentication and Mixed Access

Configuration:

  • Channel: General
  • Users: Nick, Susan, Admin
  • Project: MAR
  • Jira settings: Nick / Susan (restricted), Admin (allowed)

Actions:

  1. Nick enters into slack "MAR-12"
  2. Jira Integration+ requires Nick to authorize
  3. Once authorized Jira Integration+ respects permissions in Jira for Nick
  4. Nick is not able to make updates or view to MAR issues
  5. Admin enters into slack "MAR-12"
  6. Admin is allowed to view MAR project in Jira
  7. Jira responds
  8. Slack message created
  9. Everyone in General channel can see the response
  10. Only Admin can make updates to the issue

Slack has no option to respond in a channel but hide from specific users.  In this case Admin should not be entering MAR project keys into a channel with non-accessed users.  

Blocked Project

Configuration:

  • Channel: General
  • Users: Nick, Susan, Admin
  • Project: MAR
  • Jira settings: Nick / Susan (restricted), Admin (allowed)
  • Blocked Project: MAR

Actions:

  1. Nick enters into slack "MAR-12"
  2. Jira Integration+ responds that MAR is blocked

User permissions not longer matter because MAR is blocked in Jira Integration+ configuration.   All users cannot view MAR. 

Did this answer your question?