Git Integration for Jira Self-Managed (Data Center/Server) Documentation

Enforce Git service permissions

NEW FEATURE
Available in Git Integration for Jira Server/Data Center v4.1.4+.

This page is intended for Jira administrators. For Jira users with limited access, please go to this page instead.

Right click here to open this video in a new browser tab for more viewing options.

Getting started

Source code is sensitive data and a great deal of effort is taken by development teams to get the permissions right. With the Enforce Git service permissions feature, your Git service permissions will be honored when presenting Jira users any Git data.

Jira administrators can require individual Jira users to provide a Personal Access Token
from the related Git service to view Git Data.

This setting provides Jira administrators the option of switching to a secure mode. In this mode, a Jira user is prevented from viewing git data, unless they have been authenticated to the Git server to view this specific data.

A Jira user must have the View development tools Jira permission to be able to add a personal access token to an integration or repository.

This feature allows users to enter their PATs without accessing the Repository Browser page.

What Jira users will see when Git service permissions are enabled and they have not yet provided a Personal Access Token

When “Enforce Git service permissions” is enabled, Jira users with the “View development tools”
Jira permission will be prompted to provide a Personal Access Token
from the Jira user profile page.

Jira user profile: Entering the Personal Access Token

From the Jira user profile page, the Jira user will enter their Git service Personal Access Token (PAT). For instructions on steps to create the appropriate token, see article Creating Personal Access Tokens.

Connected integration are displayed in your user profile. Enter your personal access token
to gain access to git data (if permitted by your git service).

Jira issue view: Git service permissions are enabled and a Jira user has provided a Personal Access Token

Git commits are displayed for users who entered a PAT and has git service
permission to view git data.

Applied permissions

If the Enforce Git service permissions setting is enabled, a Jira user will see data only from the integrations for which their PAT has been provided. For example:

Access location	Section	Condition(s)
Jira issue	Git Commits tab	Git data is only shown if the user has a Git server account, GitHub for example, that has permissions to this repository.
Jira issue	Git development panel	Users without permission can see the number of commits but won’t be able to view the commit code diffs, branch name or repository name.
Project sidebar	Git Commits	Git data is only shown if the user has a Git server account, GitHub for example, that has permissions to this repository.
Repository browser	Repository view	Git data is only shown if the user has provided a Git service account.

Supported git platforms

Integration	Supported?	Result
GitHub git repositories	Yes	GITHUB CLOUD/SELF-HOSTED Users will only see the GitHub integration data when a PAT is provided for it.
GitLab git repositories	Yes	GITLAB.COM/SELF-MANAGED GITLAB Users will only see the GitLab integration data when a PAT is provided for it.
Azure git repositories	Yes	MICROSOFT AZURE DevOps/TFS/VSTS Users will only see the Azure/TFS/VSTS integration data when a PAT is provided for it.
AWS git repositories	No*	COMING SOON *Support for AWS CC on the Enforce Git service permissions feature will be added sometime later in 2022.

General setting: Enforce Git service permissions (advanced)

Max permission cache age – This setting grants administrators the ability to set how long Git server permissions are cached in Git Integration for Jira app. The default value for this setting is 24 hours.

The Require User PAT general setting must be enabled to use the Enforce Git Service permissions feature.

Have feedback about this article? Did we miss something? Let us know!