Security configuration

1 Summary
2 Non-Jira security
- 2.1 Allow Uninvolved Senders via Threading
3 Jira security
- 3.1 Allow Uninvolved Jira users via Threading

Summary

This page covers the Security configuration for a Profile, including both Jira user and Non Jira security behaviour, used to control create/comment inbound mail requests.

Non-Jira security

When enabled, email senders (Email only users | Email only user definition) for related inbound must match an already existing ‘non jira’ participant (the sender must exist in the configured custom fields). This is mostly enabled to prevent unwanted recipients gaining access to Jira Issues by sending an email in that relates to an existing Jira Issue.

Disabling this setting can allow anyone to send an incoming email and add themselves as recipients to the Jira Issue.

Allow Uninvolved Senders via Threading

Requires ‘Non-Jira security’ to be enabled.

Allows email senders who would otherwise not be able to participate on an existing issue to do the following if their email refers to an email thread known to be related to the issue:

add comments
be added to email only user custom fields (if configured)

In order for association via threading, association via threading is required. Only the standard threading supports ‘allow uninvolved’ behaviour, embedded issue key association does not allow uninvolved senders to comment, regardless of association match.

Jira security

When the email sender address refers to a Jira user or Portal Customer, Jira security configuration will be used.

When enabled, the user must have the permissions to create or comment.

Disabling this setting can allow any user or portal customer on the site involved on the issue to be able to comment regardless of Project permissions.

When disabled, requests from a user involved in an issue that they lack comment permission for will result in the JEMHC app user creating the comment on behalf of the unprivileged user.

Allow Uninvolved Jira users via Threading

Requires ‘Jira security’ to be enabled.

Allows users who would otherwise not be able to participate on an existing issue to do the following if their email refers to an email thread known to be related to the issue:

add comments
be added to user fields

In order for association via threading, association via threading is required. Only the standard threading supports ‘allow uninvolved’ behaviour, embedded issue key association does not allow uninvolved senders to comment, regardless of association match.