
User Impersonation

User Impersonation allows Confluence users (even those without a Jira licence) to view Custom Jira Charts on a Confluence Page. This feature solves the problem:

I want to create a chart on Confluence that anyone with view access to the page can see, but they don’t need to have a Jira account or even the specific Jira permissions that I have.

Custom Jira Charts can load data by impersonating a selected user.

Use Case Example

Eve is a project manager for a development team working in Jira. She has been asked to create a report in Confluence that shows the company directors how the project is going. These directors don’t have access to Jira and one of the projects they care about is a restricted secret project that only Eve and her team can see.

Here is what would happen if Eve created a chart without User Impersonation:

And here’s what that same chart looks like when Eve enables User Impersonation and impersonates herself:

Without User Impersonation, the directors will see “No data” because they don’t have the required access to Jira to view the same data as Eve. When User Impersonation is used, they see exactly the same data as Eve, providing a consistent report for everyone who views the Confluence page.

How to enable User Impersonation

By default, all Custom Jira Chart data is loaded without impersonation. This means the data is loaded from Jira using the permissions of each individual user who views the Confluence page. Each user who views the chart therefore requires a Jira licence as well as the permissions needed to view the specific data.

Once you have one of the required User Impersonation Permissions, you will be able to create Custom Jira Charts with User Impersonation.

Display Settings

The “Data loaded as” label under the chart can be removed using the display setting “Show impersonation user under chart”.

User Impersonation FAQ

 Is User Impersonation enabled by default?

No. By default, User Impersonation is disabled and no users can impersonate themselves or any other users.

To give users access to this feature, individual users and/or groups must be added to the User Impersonation Permissions in the Custom Jira Charts administration settings.

 How is User Impersonation secured? What is a "Unique Hash" for User Impersonation?

When a user builds a Custom Jira Chart in the Confluence editor and clicks Insert or Save, a number of very important steps happen:

  1. The User Impersonation permissions of the user are checked again to ensure that they still have the correct permissions to create a chart impersonating the selected user

  2. Every parameter from the chart is used to generate a unique hash. This includes:

    1. The source JQL or Saved Filter for finding issues

    2. The Chart By and Group By field selections

    3. All segment configuration (color, names, order, etc.)

    4. The page ID of the page the chart is being created on

  3. This hash is sent to the database

    1. On Confluence Server and Data Center this is the same database as your Confluence instance

    2. On Confluence Cloud, this hash is stored on the Custom Jira Charts database

This means that if anyone attempts to change anything about the chart, even the color of a segment, the hash that is created won’t match the hash stored in the database and there will be an error.

User Impersonation is secure by design so that only the Jira data specified by the creator of the chart is displayed.

 Who can view a Custom Jira Chart when User Impersonation is being used?

When User Impersonation is enabled, anyone who has the View permission on the Confluence page will be able to view the Custom Jira Chart.

This means that anyone who can view the Confluence page, even Confluence users without Jira licences, is able to view the Custom Jira Chart.

If your Confluence instance has public access enabled, then User Impersonation will also allow anonymous users to view charts on pages where the anonymous view permission is enabled.

 Can someone without the right permissions edit a chart I've created?

No. When a chart with User Impersonation is saved, a unique hash is generated specifically for that chart configuration. This unique hash means that there can be no changes made to the chart unless the user trying to edit the chart has the correct permissions. If a user without the correct User Impersonation permissions tries to edit a chart, this is the message they will see:

If a user clicks “Remove User Impersonation” then the chart will revert to the default setting of no impersonation and load the data as the current user.

 Does User Impersonation work with the Simple Search macro?

No. When the data source for a Custom Jira Chart is a Simple Search macro, User Impersonation is disabled. This is because the Simple Search macro allows arbitrary JQL to be run, which would bypass the security restrictions we have built for User Impersonation by allowing any user viewing the chart to write any JQL query.

This is something we are looking to improve in future but for now, this feature is disabled.

 If a chart is copied to a different page with User Impersonation enabled will it still work?

No. A chart created with User Impersonation will only have User Impersonation enabled for the specific Confluence page on which it was created. This is because the unique hash associated with the chart is tied to the Confluence page ID. If the page ID changes because the chart is copied to a new page, the unique hash will no longer match what is stored in the database and the chart will revert to the default setting of no impersonation and load the data as the current user.

This means that if you copy the chart to a new page, it will keep all the configuration (JQL, colors, title, etc.) but it will switch back to the default setting of no impersonation and load the data as the current user.
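The hash binding described in the "Unique Hash" and copied-chart answers above can be sketched as follows. This is an added example, not Custom Jira Charts code: the SHA-256 digest, the canonical JSON encoding, the in-memory store and all names and sample values are assumptions made for illustration.

```python
import hashlib
import json


def chart_digest(params: dict, page_id: str) -> str:
    """Hash every chart parameter together with the page ID (assumed: SHA-256)."""
    # Canonical form: sorted keys and fixed separators, so only real changes
    # to the configuration (including segment order) alter the digest.
    canonical = json.dumps({"page_id": page_id, "params": params},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ImpersonationStore:
    """In-memory stand-in for the database that holds the saved hashes."""

    def __init__(self, permitted_editors):
        self._permitted = set(permitted_editors)
        self._records = {}  # digest -> user the chart data is loaded as

    def save(self, editor, impersonate_as, params, page_id):
        # Permissions are re-checked at save time, not trusted from the editor.
        if editor not in self._permitted:
            raise PermissionError(f"{editor} lacks User Impersonation permission")
        self._records[chart_digest(params, page_id)] = impersonate_as

    def impersonated_user(self, params, page_id):
        # None means no stored hash matches: impersonation must not be applied.
        return self._records.get(chart_digest(params, page_id))


# Constructed sample chart configuration.
CHART = {
    "jql": "project = SECRET AND resolution = Unresolved",
    "chart_by": "status",
    "group_by": "assignee",
    "segments": [{"name": "To Do", "color": "#dfe1e6"},
                 {"name": "Done", "color": "#36b37e"}],
}


def demo():
    store = ImpersonationStore(permitted_editors={"eve"})
    store.save("eve", "eve", CHART, page_id="1001")
    recoloured = json.loads(json.dumps(CHART))  # deep copy
    recoloured["segments"][1]["color"] = "#ff0000"
    return {
        "unchanged": store.impersonated_user(CHART, "1001"),
        "recoloured": store.impersonated_user(recoloured, "1001"),
        "copied_page": store.impersonated_user(CHART, "2002"),
    }
```

Because the lookup is keyed on a digest of the full configuration plus the page ID, the server never has to trust a "load as" field supplied with the chart; it only honours configurations it has already recorded.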




Old Street Solutions Ltd. © 2021