Limiting Jira project access

How to limit what projects Swarmia's Jira integration has access to.

This page only applies to Jira Cloud. If you are using an on-premises Jira, control project access by limiting which projects your service account can access. Refer to the docs for Jira Server and Jira Data Center.

In Swarmia's Jira settings, you can select which projects you want to sync. We will not fetch data from projects other than the ones you have selected in the settings. The workflow described on this page is only needed if you cannot rely on that guarantee and need to completely block us from accessing specific data.

Due to the way that Jira integrations work (both Forge and Connect apps), when you install Swarmia on your Jira instance, we automatically get access to all of the Jira projects in that instance. Unfortunately, there is no way for us to reduce that access, but luckily Atlassian has tools for the user of the application to do it.

Limiting the Swarmia app's access

You can limit what Jira data third-party apps have access to using Data Security policies provided by Atlassian Guard. This is a paid feature (the free one is not granular enough), although it is included in their Cloud Enterprise plans. See Atlassian's docs for details.

To add a rule, navigate to Data Security Policies under https://admin.atlassian.com/ and click on "Create policy".

Data security policies

Depending on your needs, you might either block Swarmia from all projects by default, and allowlist the ones you need, or block a few specific projects that you don't want to give access to.

There is a limit of 15 projects per policy. If you want to target more projects, you will need to split them across multiple policies.

Selecting which projects the rule affects
Blocking Swarmia app from accessing a project

After you are done defining your policy, remember to click "Activate policy" for it to take effect!


Some data is still available

Due to the way the Data Security policies work, we still have access to some metadata of the blocked projects. Namely, we are able to see that the projects exist, but we cannot fetch their issues. Please ensure that you don't have sensitive information in the project names.

This also means that you'll still see the blocked projects in Swarmia's project sync settings, but in reality we are not able to sync issues from those projects.

To see exactly what data we still have access to, you can consult the API docs. Any endpoint marked with "Data Security Policy: Exempt from app access rules" is still accessible by us regardless of any rules you added.

Can I use a personal access token instead?

Unfortunately, it is not possible to use personal access tokens (PATs) for the Swarmia integration. PATs are not allowed to fetch the emails of Jira users, which is essential to correctly map authors across different tools like GitHub.
