AWS Security ChangesHomeSearch

AWS amazonq documentation change

Service: amazonq · 2025-04-18 · Documentation medium

File: amazonq/latest/qbusiness-ug/jira-prereqs.md

Summary

Added new security prerequisites including Administer Jira permissions, email visibility requirements, and project access permissions for company-managed projects

Security assessment

Documents security-related configuration requirements for access control and system integration, but does not address a specific disclosed vulnerability

Diff

diff --git a/amazonq/latest/qbusiness-ug/jira-prereqs.md b/amazonq/latest/qbusiness-ug/jira-prereqs.md
index f5528daea..44f5b376d 100644
--- a//amazonq/latest/qbusiness-ug/jira-prereqs.md
+++ b//amazonq/latest/qbusiness-ug/jira-prereqs.md
@@ -21,0 +22,11 @@ Before you begin, make sure that you have completed the following prerequisites.
+If you have company-managed Jira projects, you need to perform the following:
+
+  * **Administer Jira Permissions** : The service account - the user configuring the Amazon Q Business integration - must have **Administer Jira** permissions. These permisssions are required to read and interpret the permission schemes of company-managed projects to build appropriate Access Control Lists (ACLs). To assign this permission, go to the Settings icon in Jira, then navigate to **System > Global Permissions**. Add the _Administer Jira_ permission to the service account.
+
+  * **Email Visibility Settings** : Jira must provide access to the email address of the users for Amazon Q Business to correctly validate document-level permissions. To enable this, update profile settings by navigating to **Profile Picture → Manage Account > Privacy**, and setting **Email Visibility** to Anyone. This is a requirement due to limitations in Jira's API that impact integrations with external tools such as Amazon Q Business.
+
+  * **User and Project-Level Permissions** : The admin user associated with the integration must have at least **Browse Projects** permission in Jira. This can be granted directly or indirectly through a group, project role, or any other applicable configuration. To verify permissions, navigate to the specific Jira project, go to **Project Settings > Permissions**, and confirm that the admin user **Browse Projects** permission. To validate permissions, use the **Permission Helper**. Enter the user alias and select **Browse Projects** permission to check access.
+
+
+
+