REST endpoint for monitoring access needs admin rights

Originally asked by Harold Oconitrillo on 21 March 2022 (original question)


We try to configure monitoring for sync state as per https://docs.idalko.com/exalate/display/ED/Using+REST+API+for+monitoring+purposes on a self-hosted instance (JIRA Server). However, when we set up a separate user and try to access the API it fails with the message “Access denied. The user JIRAUSER10298 doesn’t have admin permissions.” and HTTP error code 403. Given that these endpoints are read-only and given that they are accessed by an external monitoring service, we would like to add a user with minimal rights. Using credentials for a user that has admin permissions with a third-party service (i.e. site24x7) violates our policies. Please advise.


Answer by Daniel Miks on 21 March 2022

Hi Harold Oconitrillo

In general, the user set up as a proxy user used by Exalate to manage all actions taken when syncing has to have the necessary permissions to be able to perform the actions. The same as using REST API in Jira, the user used has to have the correct permissions. If the proxy user doesn’t have the edit issue rights, the sync will fail because Exalate proxy needs to be able to edit an issue. So you have to have the proxy set up with the right permissions. The proxy user works as a regular user.

Regards

Daniel