Workarounds
Background Information
Some Jira cloud API functionality is not accessible to cloud apps, such as the ability to lookup user's by their email address (AC-1014). To workaround this limitation, JEMHC requires a pre-existing Jira user with appropriate permissions to be configured as a "workaround" user, JEMHC authenticates as this user to perform user lookup API requests that cannot be executed by the JEMHC app user.
Configuring a JEMHC Workaround User
To configure the Workaround User you will need the following information:
A Jira User that has admin privileges and has been allocated the Browse users and groups permission within Global Permissions. Steps to grant the Browse User and Groups permission are highlighted under the Allocating the Global BROWSE_USER permission heading.
The API token for that Jira User. Steps to generate the API token are highlighted under the How to Generate an API Token heading.
Once the above information has been gathered, you will then need to go to JEMHC > Workarounds > Admin Operations and enter the following information:
The Jira User’s E-Mail address or Username within the E-Mail/Username field.
The API Token that was generated for that Jira User within the API Token field.
Allocating the Global BROWSE_USER permission (so JEMHC can lookup users by their email address)
In order for the Workaround user to be able to check if a user exists, they need to be allocated the Browse users and groups Global Permission. This is done within System > Security > Global Permissions, at the bottom of the screen there is a section to Grant Permission, pick the Browse users and groups, and nominate a restricted membership group, that your workaround user will be a member of:
Allocating the Global ADMINISTER permission (so JEMHC can create users)
In order for JEMHC to be able to create users, the global ADMINISTER permission is required to be held by the workaround user. Global Permissions are only allocated through groups:
Navigate to System settings
Check the “Administer Jira” Permission groups, the workaround user must be and remain a member of this group to prevent runtime failure to create users.
How to Generate an API Token
API tokens last a year and then expire, you will need to redo this every year.
API Tokens are user specific, which means that if you change the Workaround User then you would need to generate a new API token for that user.
Click API Tokens (May need to access Account Security Settings first)
Click Create API Token
A dialogue window will appear, enter a descriptive name for the API token in the Label field
Click Create
An API Token will be generated and will then appear, press Copy to copy the token