Security Requirements

Jira Cloud App Permissions

PermissionReason
Act as UserRequired to get user specific details like the time zone.
ReadRequired to check the existence of issue keys identified during synchronization of jobs and build.
WriteRequired to write build/deployment data for the Development Panel Integration.
DeleteRequired to delete build/deployment data form the Development Panel Integration.

Path Access Requirements

PathDirectionJenkins Site ScopeReason

https://jjc.marvelution.com/rest/[tenant.id]/* 

Jenkins to JiraPublic

Used to push a notification to Jira to synchronize a newly completed build.

Private

Used to push Job and Build data to Jira whenever a build completes or a job is created, modified or deleted.

http(s)://[your.jenkins.host][/jenkins.context]/plugin/jenkins-jira-plugin/ping.html Jira to JenkinsPublicUsed to check if the Jira Integration for Jenkins add-on is installed on the Jenkins site.
http(s)://[your.jenkins.host][/jenkins.context]/plugin/jenkins-jira-plugin/register/Jira to JenkinsPublicUsed to register the Jira site with the Jenkins site.
http(s)://[your.jenkins.host][/jenkins.context]/plugin/jenkins-jira-plugin/unregister/Jira to JenkinsPublicUsed to unregister the Jira site with the Jenkins site, done when a site is deleted in Jira.
http(s)://[your.jenkins.host][/jenkins.context]/**/api/json/Jira to JenkinsPublicUsed to collect job and build data from Jenkins.
http(s)://[your.jenkins.host][/jenkins.context]/**/jji/build/Jira to JenkinsPublicUsed to trigger a new build of a job on Jenkins.


Permission Requirements

User Permissions

There are permission requirements that need to be setup correctly before the integration can work.

Jira User

PermissionScopeReason
AdministratorGlobalRequired for configuring the Jenkins sites, and selected what should be synchronized.
View Development ToolsProjectRequired for users to view the Jenkins build date in Jira.

Jenkins Integration User

These permissions are only needed for Jenkins Sites that are configured as public, where Jira can interact with Jenkins to post and collect data. No Special permissions are needed when configured a Jenkins site as private.

PermissionScopeReason
AdministerGlobalRequired, only if the Jenkins plugin is installed, to be able to view Jenkins and to let Jira sites register themselves with Jenkins, see Jira Build Notification Listener
ReadGlobalRequired to synchronize the top level jobs.
ReadJobRequired to synchronize jobs and there builds.
BuildJobRequired for triggering builds from Jira.

(warning) The Job permissions must be set on each Job