Documentation for JIRA 6.3 EAP developer (EAP) releases only. Not using this? See below:
(JIRA 6.2.x documentation | JIRA OnDemand documentation | earlier versions of JIRA)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Section
Column

When configuring security for your JIRA instance, there are two areas to address:

  • security permissions within JIRA itself
  • security in the external environment

Configuring

security

permissions within JIRA

JIRA has a flexible security system which allows you to configure who can access JIRA, and what they can do/see within JIRA.

There are five types of security within JIRA:

  1. Global permissions — these apply to JIRA as a whole (e.g. who can log in).
  2. Project permissions — organised into permission schemes, these apply to projects as a whole (e.g. who can see the project's issues ('Browse' permission), create, edit and assign them).
  3. Issue security levels — organised into security schemes, these allow the visibility of individual issues to be adjusted, within the bounds of the project's permissions.
  4. Comment visibility — allows the visibility of individual comments (within an issue) to be restricted.
  5. Work-log visibility — allows the visibility of individual work-log entries (within an issue) to be restricted. Does not restrict visibility of progress bar on issue time tracking.

 

Column
width320px
Panel

On this page:

Table of Contents

In this section:

Children Display
alltrue

...

If your JIRA instance contains sensitive information, you may want to configure security in the environment in which your JIRA instance is running. Some of the main areas to consider are:

Conditionaltext
SpacekeyJIRA
  • Database:
    • If you are using an external database as recommended for production systems (i.e. you are not using JIRA's internal/bundled HSQL database), you should restrict access to the database that your JIRA instance uses.
    • If you are using JIRA's internal/bundled HSQL database, you should restrict access to the directory in which you installed JIRA. (Note that the user which your JIRA instance is running as will require full access to this directory.)
  • SSL — if you are running your JIRA instance over the Internet, you may want to consider using SSL.
  • File system — you should restrict access to the following directories (but note that the user which your JIRA instance is running as will require full access to these directories):
  • SSL — if you are running your JIRA instance over the Internet, you may want to consider using SSL.

Other security resources

Conditionaltext
SpacekeyJIRA

Security Addendum 2010-04-16 - Preventing security attacks

Content by Label
security-resources
security-resources
showLabelsfalse
showSpacefalse
key@self
maxResults99security-resources
key@self