Security and technical FAQ - Data Center

Security FAQ

This article is about the Data Center version of the app. Interesting in a Cloud version?

What options to store work logs are there?

We can define two types of work logs: Secured and Public. Both types of work logs are stored the same way.

Public work logs are hidden for teammates, who do not have view work log permissions or for non-teammates, but some data, added to work log still can be executed from History and All tabs. Unfortunately, data of these tabs cannot be hidden, changed due to Atlassian limitations. That is why we have implemented Secured work log option.

What type of data will be stored/processed/accessed?

Actonic’s Timesheet Builder app can access the following Jira data:

  • From issue:

    • Issue ID

    • Time spent

    • Original estimation

    • Time remaining

  • From work log:

    • Work log author

    • Work log description

    • Work log Start date, Create date, Updated date

  • From current user:

    • Project Roles and permissions

However, it does not store any data in our application or outside Jira. All data is stored on your Jira database.

How does the app get, add and modify data?

To get, add and modify data in Jira, our app is using public Jira REST APIs. For example, with the Jira REST API, we are getting issues and fields to check if they match “Team” issues scope, Jira project permissions.

In data center versions, authentication provided by Jira itself. All the data also stored in the Jira database.

What platform and programming language was used to develop the application?

To develop our app, we are using Atlassian Plugin SDK. We are using Java 8 for back-end and React for front-end.

Which authentication protocols and technologies are supported?

Our Timesheet Builder app works with the Jira authentication system and supports all available authentication settings.

How is data from customers separated from other customers (if the solution is offered in a multi-tenant model)?

All data is stored only on the side of the customer, all data is within a specific company and is managed by this company.

How is the security monitoring for this app performed?

We do not have access to your server.