App security


Group export for Jira app is made for Jira users with administrator or system administrator global permissions.

User interface security

The groups export menu item is placed after the Groups menu item on the Jira User management page. This menu item is NOT protected by Jira secure administrator session also known as WebSudo.

A Jira user with wrong global permissions will be redirected to Jira base URL when trying to access the Groups export action URL.

REST API security

REST API endpoints are secured for Jira users with administrator or system administrator global permissions as well. You will get a HTTP 401 unauthorized if you access these endpoints with bad credentials or wrong global permissions.

Servlet security

Servlets have the same security setup as REST API endpoints.