Regarding restriction on generating and using the API token.

Issue #23 new
Former user created an issue

Hi Team,

I am Vinesh from SpringerNature. We are evaluating your plugin and have already raised a quote for the licensed version. I had one question regarding the generation of tokens for users. We want to restrict users from generating the token themselves; only the Jira administrators should be able to do so. Is there any way we can implement this functionality? I tried checking it in the configuration but could not find any information or option regarding this.

Your help is highly appreciated.

Regards,

Vinesh.

Comments (4)

  1. Roma Bubyakin [Wombats Corp]

    Hello Vinesh,

    You are right, it’s not possible to do at the moment.

    Not sure that it will be implemented because of the following thoughts:

    • Giving administrators the possibility to generate tokens instead of users will give them the possibility to do things on behalf of others. Not every security policy allows that.
    • The generated token should be transferred somehow to the user, which also might be a security breach.

    A possible solution that I can see is to give admins the possibility to restrict token generation by group membership.

    If this functionality would be useful in your case, I could add it to the backlog.

    Regards, Roman

  2. Vinesh Chavan

    Hi @Roma Bubyakin [Wombats Corp],

    I agree on the security breach point. Your suggestion to have a group for such users seems perfect so that we can track the API token usage.

    Thank you for looking into this.

    Regards,

    Vinesh.

  3. Roma Bubyakin [Wombats Corp]

    Thank you, @Vinesh Chandran, for the feedback!

    I’ve added it to the backlog and will keep this ticket open until actual implementation.

    It will be done after several things like token expiration and an admin page with all tokens in the system.

    Regards, Roman
