Use of "Script Runner" under Administration should be restricted to JIRA System Administrators permission
*This issue has moved*
This issue has been moved permanently to Adaptavist's Product Support JIRA instance.
All existing users of this instance should have the same username on our Product Support instance. However, you will very likely need to click on the
Can't access your account link in order to reset to a new password.
I love the script runner plugin. It has made it possible for me to do several things that would have otherwise been very difficult for me to achieve.
It seems that the Script Runner is restricted to administrators perhaps with JIRA Administrators permission. It should be restricted to JIRA System Administrators permission since it could obviously be used to grant oneself JIRA System Administrators permission or to manipulate files on the server. The Jelly runner appears to be restricted to JIRA System Administrators, so this one should be the same.
JIRA 4.1.1, version 1.6 of plugin
I guess I won't do this... The built-in script workflow functions are of use to people creating workflows, who may just be plain admins, not system admins. Given that within a condition you can run any code, it seems pointless to disable the admin panel but allow access to the workflow function for non-system admins.
Good point. It was written before the distinction was made between admins and system admins. I will look at this for the next release.
If this is a concern for you or anyone else, AFAIK, you should be able to fix this by editing the atlassian-plugin.xml in the jar... from memory, there is something like a roles-required attribute. You could make it the same as whatever's in the jelly runner plugin.