DEV Community

Cover image for PRO Security Tips for Jira Admins
GitProtect Team for GitProtect

Posted on • Edited on • Originally published at gitprotect.io

PRO Security Tips for Jira Admins

It seems impossible to manage any project well if we are unable to track its progress. We always need to know what is happening to be able to control it and draw conclusions. Transparency is key here. So, the first thing we need is to have some nice tools for it. There is no doubt that Jira is one of the most popular ones on the market.

Let’s take a look at some interesting data from the 2021: State of the Atlassian Ecosystem Report:

  • Atlassian extends beyond IT teams – comparing to 2020, there is a significant increase in tool adoption among non-technical teams, for example, operations (7%) or customer service (15%),
  • 82% of respondents have embraced agile ways of working,
  • 54% of organizations have implemented a DevOps strategy – up from 48% in 2020,
  • 87% of respondents customizing their Atlassian tools.

Configuration possibilities within Jira

The above numbers should come as no surprise. Jira is a very flexible tool that has great configuration options. Agile boards, swimlines, specific workflows. We could talk about it for hours and discuss the best practices that can be implemented here. This is a good feature because, with the right motivation and knowledge, we are able to perfectly match the tool to the needs of our specific process. Here are some examples of things that we can build or define depending on our needs:

  • JQL queries to filter issues for specific criteria,
  • specific ticket statuses can be assigned to particular columns,
  • plugins and add-ons from Atlassian Marketplace,
  • integration with external tools, for example, GitHub, Confluence, Zendesk or Slack,
  • proper access rights and assignments,
  • customizable dashboards.

With such a great number of configurations, transitions, boards, etc. comes the question of permissions and their control. After all, we don’t want everyone to be able to freely change our process. First, we need to control who has access to our Jira account at all. And secondly, what privileges everybody has. Another thing that is important to mention is the fact that you can also use the mobile application, which on the one hand is convenient, but on the other hand, exposes us to additional risk.

Jira administrator responsibilities and duties

So, here comes a very responsible position called Jira Administrator. This software offers nice tools for managing user roles and restrictions to keep your process in shape. Let’s start with groups and permissions. There are many default groups that we can use, but of course, we can create our own and assign appropriate permissions to them. Thanks to this, we can easily manage user access by assigning it to individual groups. There is also the project roles mechanism. It allows you to give users or entire groups appropriate roles that can also be used to control access and permissions.

Jira Administrator must properly broadcast and control what I described above. An important aspect, from the perspective of the security of our system, is also the control over inactive users and the removal of permissions (or users) in the event of, for example, a change in project, position, or departure of an employee from the company. Jira allows you to monitor user activity, and thanks to this, we can, for example, delete inactive accounts after a specified period of time. On the topic of permissions, I pay attention to some known issues that may cause an unexpected change in the visibility of a given project:

Source: [Atlassian](https://support.atlassian.com/jira-cloud-administration/docs/manage-project-permissions/)

Best practices for Jira Admins

Keep the standards

Define some standards and good practices and keep them alive. For example in workflows, there are statuses, transitions, and resolutions – keep them clearly defined and simple to avoid chaos and misuse.

Clean and tidy

Jira Admins should keep their instances simple and clean. To achieve that it is good to have a regular time-slot for maintenance activities such as:

  • removing unnecessary items (like fields, transitions, statuses, etc.)
  • cleaning up duplicate tickets
  • checking consistency

Training

Jira is constantly being updated or some standards or good practices may evolve. Therefore Jira Administrator (and all the users) should know all the newest updates. Regular and short training sessions could be very beneficial in this case.

Cloud migration

As Jira is migrating to Cloud we should be prepared for that. It may cause some issues, like some add-ons compatibility/support, etc. Appropriate preparation and support may be necessary. This is worth taking into account, especially with regard to the previous point.

Automation

We all like automation. Jira Administrator is a position that requires it. Anyway, most admins already use a few add-ons in order to improve their work. One of the top-selling Jira apps in Atlassian Marketplace is ScriptRunner, which allows us to automate or customize our Jira. So let’s use such tools to boost our automation capabilities.

Minimalize downtime with backup and DR

The biggest so far 2022′ Jira outage has affected hundreds of Atlassian’s customers and thousands of developers around the world. It may sound too obvious, but as a Jira Administrator, you need to take into consideration such a scenario and prepare your organization against alike incidents. The most logical action will be to implement a professional DevOps backup solution. Backup play a very important part, but don’t overlook the restore process – frequently test your Jira backups to be sure that the critical data is easily recoverable at any given time. GitProtect backup for Jira fully covers all your data protection needs and offers many restore options – instant restore, bulk restore, and point-in-time restore.

Conclusion

Managing a project and keeping it consistent is not an easy task. Especially when our tool, like Jira, has many configuration options and ways of working. On the one hand, it depends on each team member who performs certain operations in their daily work, creates new tasks, or moves them further in our process. However, there is the Jira Admin role. Thanks to the appropriate knowledge and understanding of good practices, we are able to create appropriate rules and principles that will allow us to maintain control and order in a large and constantly changing environment. Knowledge is power and we can use it to our advantage. And thanks to this, at the end of the day, we can facilitate the work of ourselves, others, and, as a result, increase the revenue of the company.

✍️ Subscribe to GitProtect DevSecOps X-Ray Newsletter – your guide to the latest DevOps & security insights

🚀 Ensure compliant DevOps backup and recovery with a 14-day free trial

📅 Let’s discuss your needs and see a live product tour

Top comments (0)