# Jira Data Center ### Overview This integration enables discovery of Users and Groups, Projects, and Project Roles for Jira Data Center. Use it to: * Search and visualize relationships between Jira users and projects, and the roles granting access. * Review the state of authorization within Jira, such as User > Role, User > Group, or Group > Project access. * Create rules to trigger alerts when entities in Jira are added or removed, or when attributes change. * Visualize federated access to Jira Data Center for IdP identities. See [notes and supported entities](#notes-and-supported-entities) for more information. ### Configuring Jira Data Center Veza connects to Jira Data Center with API keys generated for a Jira user. You should create a Jira user for the integration, and supply the user's API credentials when configuring the integration on Veza. #### Create a Jira User for the integration 1. Log in to Jira as an administrator or system administrator. 2. Click the *Administration* icon at the top right and pick **User Management** from the dropdown. Click **Create user**. 3. Enter a username, password, and email address and save the changes. 4. Assign the `jira-administrators` group to enable Veza to gather user, group, and permissions metadata. Without admin permissions, the integration can only discover Jira projects. See [Create, edit, or remove a user](https://confluence.atlassian.com/adminjiraserver/create-edit-or-remove-a-user-938847025.html) for more details. #### Generate a Personal Access token Create a Personal Access Token for a user with Admin-level permissions. 1. Log in to Jira with the new user account. 2. In Jira, click your profile picture at the top right of the screen to open the **Profile**. Choose **Personal Access Tokens**. 3. Click **Create Token** and give it a name. Optionally, you can set a date for the token to expire. 4. Click **Create** to save the token. Copy the value. Save the token in a secure location, and enter it when configuring the integration on Veza. See [Using Personal Access Tokens](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html). ### Configuring Jira Data Center on the Veza Platform To enable the integration and queue the first extraction: 1. In Veza, go to **Integrations**. 2. Click *Add Integration* and pick Jira Data Center as the type of integration to add. 3. Enter the required information and *Save* the configuration. | Field | Notes | | ------------------------------- | ------------------------------------------------------------------------- | | Insight Point | Choose whether to use the default data plane or a deployed Insight Point. | | Name | A friendly name to identify the unique integration. | | Jira Software Data Center URL | Full URL used to access Jira, such as `https://mycompany.com/jira`. | | Jira Software Data Center Token | User API token from the previous steps. | ### Notes and Supported Entities Veza discovers the following entities and properties within Jira Data Center, and represents them in Access Graph following the OAA Application model: * Jira Software Data Center Business → Custom Application * Jira Software Data Center Project → Custom Resource * Jira Software Data Center Group → Local Group * Jira Software Data Center User → Local User * Jira Software Data Center User Role → Local Role * Jira Software Data Center Permission → Local Permission The integration is tested with Jira Data Center and Jira Server version 9.6. #### Jira Data Center Project | Attribute | Description | | ------------------------ | ------------------------------------------- | | `name` | Project name | | `key` | Project Key | | `description` | Project Description | | `archived` | True if project archived, False otherwise | | `project_keys` | List of historic and current project keys | | `project_lead` | Login of project lead | | `has_public_permissions` | True if any permission on project is public | | `public_permissions` | List of Project Permissions that are public | **Project Permission Schemes**: Jira Permission Schemes can grant users and groups permissions on Project through multiple mechanism. Depending on how the permission is assigned the permission can show up differently in Veza. A single permission can be assigned multiple ways. * **Application Role**- Permission is assigned to the Groups that hold the Application Role. * **Project Role** - The permissions are added to the Project Local Role. Role holders (users/groups) are assigned the role on the project. * **User**- Permission is assigned directly to the Local User. * **Group**- Permission is assigned directly to the Local Group. * **Project Lead** - Permission is assigned directly to the Local User configured as Project Lead. The following assignment types are not currently supported. These permissions would only apply to specific items inside the project and not the project as a whole: * Reporter * Assignee * Group By Custom Field **Public permissions (Anyone)** are represented as a property on the Project. The custom property `has_public_permissions` will be `True` if the Project has any public permissions. The public permissions are listed in the `public_permissions` property on the Project. **Global Permissions**: The connector does not currently support the discovery of global and system-level permissions. #### Jira Data Center Group | Attribute | Description | | --------- | ----------- | | `name` | Group Id | | `name` | Group name | #### Jira Data Center User | Attribute | Description | | -------------- | --------------------------------------- | | `key` | User Id | | `emailAddress` | User's email address | | `name` | User's name | | `displayName` | User's display name | | `active` | True if user is active user, else False | | `is_deleted` | True if user deleted, False otherwise | > Due to Atlassian API limitations, the integration cannot currently retrieve Jira user attributes: `createdAt`, `lastLoginAt`, `deactivatedAt`, and `lastChangeAt`. #### Jira Data Center Role | Attribute | Description | | ------------- | -------------------------------------- | | `project_key` | Key of the project for respective role | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/jira-data-center.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.