Issue search
Which component is affected?
Prowler UI
Cloud Provider (if applicable)
Not applicable
Steps to Reproduce
In Prowler v5.21.1, users assigned to a custom role with the permissions Manage Integrations and Manage Scans, and with access restricted to a specific group of accounts, are not able to use the "Send to Jira" functionality.
The "Send to Jira" button only works if the role is granted "Unlimited visibility", which is not possible in my case.
I would like to understand whether this is a bug in the permission/visibility model or if there is any missing permission that is not documented, and how this can be resolved without granting Unlimited visibility.
Steps to Reproduce
Use Prowler version 5.21.1.
Configure Jira integration in Prowler.
Create a custom role with:
Permissions:
Manage Integrations
Manage Scans
Visibility: limited to a specific group of accounts (not Unlimited visibility).
Assign this role to a test user.
Log in as this user and open a finding that should be eligible for Jira integration.
Check the UI for the "Send to Jira" option.
Actual Behavior
The "Send to Jira" button is not working for users with:
Manage Integrations
Manage Scans
Visibility limited to a specific account group
The "Send to Jira" button only works after updating the role to grant Unlimited visibility.
Environment
Prowler version: 5.21.1
Integration: Jira
Role configuration:
Permissions: Manage Integrations, Manage Scans
Visibility: limited to a specific account group (not Unlimited visibility)
Additional Information / Questions
Is Unlimited visibility currently a hidden requirement for using "Send to Jira", or is this an unintended side effect?
Are there any additional permissions or visibility settings required for the Jira integration that are not reflected in the current documentation or UI?
Could this be a bug in the permission/visibility check for showing the "Send to Jira" action?
Expected behavior
The user with the custom role (Manage Integrations + Manage Scans + limited account group) should be able to use the "Send to Jira" functionality for findings within the accounts they are allowed to access.
Unlimited visibility should not be required to use "Send to Jira", as this breaks the principle of least privilege.
Actual Result with Screenshots or Logs
Print of User using limited Role trying to use Sendo to Jira
When add the Unlimited visibility to the Role, it's possible to send the issue to Jira
How did you install Prowler?
Docker (docker pull toniblyx/prowler)
Environment Resource
EC2 with local docker (25.0.14)
Prowler version: 5.21.1
OS used
Amazon Linux 2023 (6.12.63-84.121.amzn2023.x86_64)
Prowler version
5.21.1
Python version
3.9.25
Pip version
21.3.1
Context
No response
Issue search
Which component is affected?
Prowler UI
Cloud Provider (if applicable)
Not applicable
Steps to Reproduce
In Prowler v5.21.1, users assigned to a custom role with the permissions Manage Integrations and Manage Scans, and with access restricted to a specific group of accounts, are not able to use the "Send to Jira" functionality.
The "Send to Jira" button only works if the role is granted "Unlimited visibility", which is not possible in my case.
I would like to understand whether this is a bug in the permission/visibility model or if there is any missing permission that is not documented, and how this can be resolved without granting Unlimited visibility.
Steps to Reproduce
Use Prowler version 5.21.1.
Configure Jira integration in Prowler.
Create a custom role with:
Permissions:
Manage Integrations
Manage Scans
Visibility: limited to a specific group of accounts (not Unlimited visibility).
Assign this role to a test user.
Log in as this user and open a finding that should be eligible for Jira integration.
Check the UI for the "Send to Jira" option.
Actual Behavior
The "Send to Jira" button is not working for users with:
Manage Integrations
Manage Scans
Visibility limited to a specific account group
The "Send to Jira" button only works after updating the role to grant Unlimited visibility.
Environment
Prowler version: 5.21.1
Integration: Jira
Role configuration:
Permissions: Manage Integrations, Manage Scans
Visibility: limited to a specific account group (not Unlimited visibility)
Additional Information / Questions
Is Unlimited visibility currently a hidden requirement for using "Send to Jira", or is this an unintended side effect?
Are there any additional permissions or visibility settings required for the Jira integration that are not reflected in the current documentation or UI?
Could this be a bug in the permission/visibility check for showing the "Send to Jira" action?
Expected behavior
The user with the custom role (Manage Integrations + Manage Scans + limited account group) should be able to use the "Send to Jira" functionality for findings within the accounts they are allowed to access.
Unlimited visibility should not be required to use "Send to Jira", as this breaks the principle of least privilege.
Actual Result with Screenshots or Logs
Print of User using limited Role trying to use Sendo to Jira
When add the Unlimited visibility to the Role, it's possible to send the issue to Jira
How did you install Prowler?
Docker (docker pull toniblyx/prowler)
Environment Resource
EC2 with local docker (25.0.14)
Prowler version: 5.21.1
OS used
Amazon Linux 2023 (6.12.63-84.121.amzn2023.x86_64)
Prowler version
5.21.1
Python version
3.9.25
Pip version
21.3.1
Context
No response