Use your Jira Service Management as your “User & Roles” frontend solution
We manage our access to an application in a Postgres database. To create a user interface for the users & roles as quickly as possible, we simply adapted the Jira service management interface for our use case. The most important thing was to implement the process as simply as possible. Furthermore it was essential to implement an approval process and an automatic synchronisation with the database.
We want to manage the user & role rights independently, simple and fast. The various rights are queried via a request in the Jira Service Management. A python script is used to write the information from the Jira issue to the database. Thus, the info about the user and his rights are stored in the PostgreSQL database. The maximum rights that can be assigned are also stored there.The process in Jira is completely automated and the approval process is also mapped there. In this way, the role process can be fully automated, secured by the approval process and set up in a traceable manner.
The data input
We set up a project for our users&roles topic. We’ve created a jira-request with just three fields: “Approver”, “Project specific label (multi select)” and Due-Date. The Approver field is shown as the “supervisor field” and requests the users supervisor, later can be used to map the approval workflow. The desired roles can be selected via the dropdown field. Exactly those will then be transferred to the databank later. The dropdown value is pre-filled with the appropriate values by the admins. With the due date field we’ll ask the colleague for the required period of his rights. These fields already show all the necessary information for the permission process. The user himself has already registered on the portal and is well known.
The data transfer
The Python script runs on an Airflow instance. The dag is triggered as soon as a ticket is created that matches the conditions in the outgoing jira webhook to airflow. The webhook contains the ticket number of the request and so the code can pull the relevant data with the jira-python library from the ticket, for example the requested_user = issue.fields.reporter . This way the dag can be enriched with all the info from the ticket.
Further the python script checks the requirements like if the roles are still valid, enough licenses are available and if the user already has permissions. This information is executed in the database via SQL executions through a cursor connector and passed back to the script. If all conditions are met, the data is written to the database via the cursor and the output is sent to the customer via a comment in the Jira ticket.
The data storage
The PostgreSQL is hosted on AWS and contains all the information about the authorised users and their roles. The authentication of the application can then connect to the database and check those granted roles. The AWS service can be implemented through a Terraform Deploy using two resources. A Security Group must be created in addition to the RDS database to allow inbound traffic over the DB standard port (5432).The outputs of the deploy then provides the connection-information to access the DB.
Conclusion
The functionalities that Jira brings and a suitable workflow with clearly defined input parameters can be the perfect front-end solution for role and user management. The Python script is used for the transfer to the database by an airflow trigger and can be implemented relatively easily. So you have a cool and functional interface and an automated user approval workflow in just a few steps.
