Security configuration changes within your JEMHC Profile

1 Summary
2 What is changing?
3 How to identify if I am affected by these changes?
4 Where can I find these new settings?
5 How do I reconfigure profile configuration to allow historic behaviour?

Summary

JEMHC Profiles will have a new ‘Security’ page to allow more control over Jira user and email only sender behaviour.

By default, the new Jira user configuration has been enabled, but can be switched off if required by following the related steps on this page.

What is changing?

Our existing ‘non-Jira security’ profile configuration has been revamped to provide more control over issue security, depending on if the sender address has a User account or is treated as email only.

The latest change will introduce a new ‘Security’ section of the Profile mapping, containing the historic ‘non Jira security’, along with new ‘Jira security’ configuration: https://thepluginpeople.atlassian.net/wiki/x/BICDPwE

As part of this change, the new Jira security configuration setting has been enabled for all customers Profile configuration by default.

How to identify if I am affected by these changes?

If you previously relied on the JEMHC app user commenting on behalf of Customer or User accounts, emails from these users will begin to fail, with a new error in the audit report:

The error message here indicates that the User or portal customer with an email sender@company.com does not have the correct permissions to create the request because one or more permission validation failed. Due to this, the new Jira security configuration has rejected the request.

If you still require JEMHC app user fallback for these requests, read on to learn how to update your profile configuration to continue supporting this behaviour.

Where can I find these new settings?

The new Security page can be found from your JEMHC Profile > Project Mapping > Security.

Related documentation can be found at: https://thepluginpeople.atlassian.net/wiki/x/BICDPwE

How do I reconfigure profile configuration to allow historic behaviour?

By disabling Jira security configuration, it is possible for requests to be made on behalf of Jira users that do not have the correct permissions to perform create/comment requests.

Because of this, it is advised to only update this configuration only if you require Jira security disabled.

To disable Jira security configuration from the JEMHC profile, allowing the JEMHC app user to create/comment on behalf of the user without correct permissions:

Navigate to JEMHC > Profile > Project Mapping > Security
Disable ‘Jira Security’.
Save changes.