SU for Bitbucket

SU for Bitbucket

Following on the theme, SU is now available for Bitbucket. 

What is SU

SU is an administration tool to allow administrators to Switch User to other users, to effectively take on their identify, by clicking on a SU link in the User Browser.

What Are the Benefits

SU gives you, as the admin, the ability to know that your security configurations are valid, that your users can do what you expect, and not more.  If problems occur, you are able to see the problem by experiencing it, and after fixing the problem you can verify it, meaning you fix the users problem on the first interaction, and you become Awesome in the eyes of your users!

Configuration

No manual configuration is required in SU for Stash, the SU link is dynamically injected, just go to the user browser to see the link:

Usage

Once you have SU'd to the user required, a new top level menu option will appear giving you the ability to drop back to your admin persona, its available only for 5minutes as a security precaution.

SU Logging

You can enable more detailed logging with BBSU 2.0.3 and the following modification to BB_INSTALL/app/WEB-INF/classes/logback.xml (tested with BB 5.14.1).  The logfile su-audit.log will be in BB_HOME/log/audit.

    <appender name="su.auditlog" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <encoder>
            <charset>UTF-8</charset>
            <pattern>${log.format}</pattern>
        </encoder>
        <file>${log.dir}/audit/su-audit.log</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
            <fileNamePattern>${log.dir}/audit/su-audit-%d.%i.log.gz</fileNamePattern>
            <maxFileSize>25MB</maxFileSize>
            <maxHistory>100</maxHistory>
        </rollingPolicy>
    </appender>

    <logger name="com.thepluginpeople.bb.su.servlet" level="INFO">
	<appender-ref ref="su.auditlog" />
    </logger>

Example log output:


2018-10-08 15:36:38,073 INFO  [http-nio-7990-exec-4] admin @5R4103x936x23x0 3xok4l 0:0:0:0:0:0:0:1 "GET /plugins/servlet/bbsu/su HTTP/1.1" c.t.bb.su.servlet.SuServlet SU Complete, From [user=admin, name=admin] To [user=testuser, name=test user full name]
...
2018-10-08 15:37:13,889 INFO  [http-nio-7990-exec-2] testuser @5R4103x937x27x0 3xok4l 0:0:0:0:0:0:0:1 "GET /plugins/servlet/bbsu/suexit HTTP/1.1" c.t.bb.su.servlet.SuExitServlet SU EXIT Complete, From [user=testuser, name=test user full name] BackTo [user=admin, name=admin]


SU Auditing

The SU Audit Log is available from the SUPPORT Stash Administration menu section.  The history is checked for flushing every time SU occurs.

 


EULA

This software is licensed under the provisions of the Standard EULA from the Atlassian Marketplace Terms of Use as a Marketplace Product.

The "Standard EULA" is reproduced here for convenience. In this case, the "Publisher" is The Plugin People Ltd:

(i) The Publisher is the licensor of the Marketplace Product and Atlassian is not a party to the Publisher EULA or this Standard EULA, as applicable.

(ii) If the Marketplace Product does not include a Publisher EULA that specifies Marketplace Product license rights, Publisher grants you a limited, worldwide, non-exclusive, non-transferable and non-sublicensable license to download and use the Marketplace Product only on hardware systems owned, leased or controlled by you.

(iii) Licenses granted by Publisher are granted subject to the condition that you must ensure the maximum number of Authorized Users that are able to access and use the Marketplace Product concurrently is equal to the number of User Licenses for which the necessary fees have been paid to Atlassian and/or its authorized partners (each, an "Atlassian Expert"). You may purchase additional User Licenses at any time on payment of the appropriate fees to Atlassian or an Atlassian Expert. "User License" means a license granted under this EULA to you to permit an Authorized User to use the Marketplace Product. The number of User Licenses granted to you is dependent on the fees paid by you. "Authorized User" means a person who accesses and uses a Marketplace Product under the EULA and for which the necessary fees have been paid to Atlassian and/or an Atlassian Expert.

(iv) Any information that Publisher collects from you or your device will be subject to any Publisher EULA, privacy notice, or similar terms that the Publisher provides to you, and will not be subject to the Atlassian Privacy Policy (unless Atlassian is the Publisher).

(v) You may not modify, reverse engineer, decompile or disassemble the Marketplace Product in whole or in part, or create any derivative works from or sublicense any rights in the Marketplace Product, unless otherwise expressly authorized in writing by Publisher.

(vi) The Marketplace Product is protected by copyright and other intellectual property laws and treaties. Unless otherwise expressly stated in the Publisher EULA, Publisher or its licensors own all title, copyright and other intellectual property rights in the Marketplace Product, and the Marketplace Product is licensed to you directly by the Publisher, not sold.


Additional Terms

This product is covered by the General Software Product EULA.

Recent space activity

Space contributors