Admin FAQ
- Rustem Shiriiazdanov
- Andrei Pisklenov
- 1 General FAQ
- 1.1 What platforms is the app compatible with?
- 1.2 Does the app provide role-based access permissions to users?
- 1.3 What are the minimum requirements for supported browsers?
- 1.4 Can we restrict access to the application from a specific customer public IP gateway?
- 1.5 Where can I view the privacy policy for Report Builder?
- 2 Security and technical FAQ
- 2.1 What type of data will be stored/processed/accessed?
- 2.2 How does the app get and modify data?
- 2.3 What platform and programming language was used to develop the application?
- 2.4 Which authentication protocols and technologies are supported?
- 2.5 How do you achieve the security of data at rest?
- 2.6 How is customer data separated from other customers (if the solution is offered in a multi-tenant model)?
- 2.7 How is the security monitoring for this app performed?
- 2.8 How often do you perform security testing?
- 2.9 What is your security incident management process?
General FAQ
What platforms is the app compatible with?
Report Builder is available for all Jira instances (Jira Core, Jira Software, Jira Service Management) on Server, Data Center and Cloud.
Does the app provide role-based access permissions to users?
Yes, there are a few roles that could be assigned to define the restrictions and assignee roles. Read more about permissions in Report Builder https://actonic.atlassian.net/wiki/spaces/ARB/pages/6167920733
What are the minimum requirements for supported browsers?
Desktop browsers:
Google Chrome (Windows and Mac) - Latest stable version supported
Safari (Mac) - Latest stable version on latest OS release supported
Mozilla Firefox (all platforms) - Latest stable version supported
Microsoft Edge - Latest stable version supported
Can we restrict access to the application from a specific customer public IP gateway?
Yes, as a part of Jira security configuration.
“IP allow listing” is available with Premium plans for Jira Software, Jira Service Management, and Confluence. Learn more about Jira Cloud plans.
Where can I view the privacy policy for Report Builder?
Transparency is part of our DNA. Because we live by these values, we are happy to provide full insight into our Report Builder privacy policy.
Security and technical FAQ
What type of data will be stored/processed/accessed?
Report Builder app can access only issues visible for “current user,” which means a person currently using Report Builder. Depending on the report type, the app can access:
Issues
Issue fields
Work log
Comments
The app doesn’t store any PD in our application or outside Jira.
100% Safe & Secure
All data needed from Jira Cloud is processed directly in your browser and does not pass out.
How does the app get and modify data?
To get and modify data in Jira and Confluence, Report Builder uses public Jira and Confluence REST APIs. For example, we are getting issues and work logs to calculate the Jira Cloud REST API reports data.
Our app uses all the required Authorization and Security technologies provided by Atlassian:
https://developer.atlassian.com/cloud/jira/software/security-overview/
https://developer.atlassian.com/cloud/jira/software/security-for-connect-apps/
What platform and programming language was used to develop the application?
To develop our app, we used the Atlassian Connect framework for communications between our app and Jira. For the back end, we used NodeJS and frontend JavaScript.
Which authentication protocols and technologies are supported?
Report Builder app works on the top of the Jira authentication system and supports all the available authentication settings.
How do you achieve the security of data at rest?
Report Builder for Jira Cloud is available over SSL only. We are using a valid (not a self-signed) browser-trusted certificate, without any human intervention, and all the communications between “Client ↔︎ Jira Cloud application ↔︎ Our app” are encrypted.
How is customer data separated from other customers (if the solution is offered in a multi-tenant model)?
We have measures in place to ensure that all the customers are logically separated so that the actions of one customer cannot compromise the data of other customers.
In the version for Jira Cloud, we use a concept that Atlassian refers to as the “tenant context” to achieve logical isolation of all the customers. This is implemented in the Atlassian Connect framework and managed by the “Tenant Context Service” (TCS). This concept ensures that:
Each customer’s data is kept logically segregated from other tenants when at rest.
Any requests processed by our app have a “tenant-specific” view, so other tenants are not impacted.
How is the security monitoring for this app performed?
Our security monitoring includes the following:
Role-based mechanism to access all the parts of infrastructure separately.
The app creates a massive collection of event logs for analysis and investigation.
Regularly reviewing of records to improve alerting mechanisms or to manually identify security incidents.
How often do you perform security testing?
As a part of our internal audit process, once per quarter.
What is your security incident management process?
Our security incident management plan is not publicly available. However, in case of any incidents, please get in touch with support@actonic.atlassian.net.