Name | SU for JIRA |
|---|---|
Author(s) | |
Homepage | |
Price | Commercial |
Compatibility | JIRA 5 or newer |
Marketplace | |
Issues | https://thepluginpeople.atlassian.net/servicedesk/customer/portal/1/group/1/create/6 |
What is SU?
As a JIRA administrator you get users saying 'I cant do xyz', or you have conversations like 'you should see xyz' and the phone says 'no I cant'. You need to be your user to ensure clarity of instructions, and to spot/resolve other kinds of problems. Without giving passwords away, how do you do that? Well, you use this plugin. This plugin enables system administrators to become another user (to 'su' in Linux speak), enable setup, testing etcInstallation
You can install this plugin via the universal plugin manager!
License install
The Plugins 'configure' link lets you request an EVAL license. Follow the screenshots listed on the plugin page
Licensing
Marketplace licenses (obtained via the Marketplace) can be installed directly:
Keyboard Shortcut
@since JSU 1.5.4
A global keyboard shortcut is available for SU, to see available shortcuts press ?, to trigger the SU prompt, press the combination g + u, then you will get:
User Prompt | User Selection | Ready to Submit |
|---|---|---|
 |  |  |
Controlling Access
@since JSU 1.5.5
Only system admins can configure who can SU, anyone with SU capability cannot SU to a user with system admin capability!
The SU keyboard shortcut will only be visible for people who have the SU capability
Appropriateness of SU is validated at the point of SU, so SU links will be shown for System admins etc.
The default behaviour is that System admins and JIRA admins are able to SU, access may also be granted to nominated groups (note: probably not a good idea to add jira-users into this!):
Default Access | With Delegated Group Access |
|---|---|
 |  |
SU-Exit
The SU Exit for JIRA SU is accessed via the toolbar, as shown below:
Logging
With SU v1.8.3 (Jira 7.10.x), its now also possible to log out SU activity, to track common SU related actions (SU to userX, SU exit, history retention changes, manual purge etc).
Add the following to your JIRA_HOME/WEB-INF/classes/log4j.proprties file, it will then append high level actions to the give files, here, we create 'su.log' specifically to capture this info, but also send a copy to the console and filelog, remove as needed.
##==========================================
##
## SU logging
##
log4j.appender.SUFileLog=com.atlassian.jira.logging.JiraHomeAppender
log4j.appender.SUFileLog.File=su.log
log4j.appender.SUFileLog.MaxFileSize=20480KB
log4j.appender.SUFileLog.MaxBackupIndex=5
log4j.appender.SUFileLog.layout=org.apache.log4j.PatternLayout
log4j.appender.SUFileLog.layout.ConversionPattern=%d %t %p [%c{4}] %m%n
log4j.appender.SUFileLog.Threshold=INFO
#
# add entries for all SU packages
#
log4j.logger.com.javahollic.jira.jsu=INFO, console, filelog, SUFileLog
log4j.additivity.com.javahollic.jira.jsu=false
Centrally logging?
After enabling logging, in 1.8.5+ the following will be seen for SU and SU-Exit actions:
2018-10-08 14:01:47,710 http-nio-8080-exec-6 INFO [jira.web.action.JiraSUAction] SU Complete, From [user=admin, name=admin] To [user=test, userName=test] ... 2018-10-08 14:02:11,512 http-nio-8080-exec-12 INFO [jira.web.action.JiraSUExitAction] SU EXIT Complete, From [user=test, name=test] BackTo [user=admin, userName=admin]
Manual Tweak required (Prior to V 1.4.4)
Modify the file /atlassian-jira/secure/admin/user/views/userbrowser.jsp to get a UI 'SU' link. Find the following (starting around line 182 in JIRA 5.2), the bold section is added to make the SU link visible.
<td data-cell-type="operations">
<ul class="operations-list">
..<li><a id="su_link_<webwork:property value='name'/>" href="<ww:url page='JiraSU.jspa'><ww:param name="'name'" value='name' /></ww:url>">SU</A></li>
<li><a id="projectroles_link_<ww:property value="name"/>" href="<ww:url page="ViewUserProjectRoles!default.jspa"><ww:param name="'name'" value="name" /><ww:param name="'returnUrl'" value="'UserBrowser.jspa'" /></ww:url>"><ww:text name="'common.words.project.roles'"/></a></li>
...
</ul>
</td>
The manual approach
Jira 3.x - 4.1.x Add the following beneath it:
| <a id="su_link_<webwork:property value="name"/>" href="<webwork:url page="JiraSU.jspa"><webwork:param name="'name'" value="name" /></webwork:url>">SU</A>
Jira 4.2
| <a id="su_link_<webwork:property value='name'/>" href="<ww:url page='JiraSU.jspa'><ww:param name="'name'" value='name' /></ww:url>">SU</A>
Jira 4.4+ - 6.0
<li><a id="su_link_<webwork:property value='name'/>" href="<ww:url page='JiraSU.jspa'><ww:param name="'name'" value='name' /></ww:url>">SU</A></li>
Usage
Once installed, as a system administrator, go to the User Browser, you will find a SU link in the Operations column. Clicking SU will reset who you are to the given user, and return you to the Dashboard.
Alternate usage (no install needed)
You can also invoke the SU via the following javascript, contributed by ~eis:
javascript:if(window.location.hostname.search(/jira.+/)==-1){alert(%22Jira%20SU:%20URL%20doesn't%20point%20to%20a%20Jira%20system!%22);}else{void(uid=prompt('Jira%20SU%20('+window.location.hostname+')',''));if(uid){window.location.href=%22https://%22+window.location.hostname+%22/secure/admin/user/JiraSU.jspa?name=%22+uid.toLowerCase();};};
If your Jira isn't deployed to / you will need to update the url with the prefix:
/PREFIX/secure/admin/user/JiraSU.jspa?name=%22+uid.toLowerCase();};};
Version History
TODO | reimplement auditing |
|---|---|
1.3.x | ? |
1.3 | Extend to allow 'exit' back to existing system admin user |
1.2 | Auto redirects to Dashboard on successful SU |
1.1 | bugfix, make work with /jira type context deployments, required interim 'click here' page to get to the Dashboard, couldn't figure out how to redirect straight there. |
1.0 | Initial release |
Open Issues
None yet.