I’m working on setting up the Rally JIRA integration plugin for syncing data between Rally and our JIRA system. The setup guide mentions that you need to create a JIRA user with administrator privileges for this connector to work properly.
I’m confused about why admin access is required. From what I can see, the connector mainly updates custom fields like RallyID and RallyURL in specific JIRA projects. Wouldn’t project-level edit permissions be sufficient for these operations?
When I tried removing admin rights from the connector user account, the plugin detected this change and stopped working completely. It seems like there’s a built-in check that validates administrator status.
Is there something more complex happening behind the scenes that needs admin privileges? Can this administrator requirement be bypassed or modified so we can use a less privileged account with just the necessary project permissions instead?
Yeah, it’s annoying but Rally Connector messes with Jira’s global custom field settings. When I set mine up, it created new field contexts and changed screen schemes across multiple projects. Without admin rights, those APIs just fail and you get useless error messages that don’t help you figure out what went wrong.
Rally needs admin access because it has to do schema-level stuff that regular users can’t touch. I’ve worked with this connector before - it creates and modifies issue link types on the fly to connect Rally artifacts with JIRA issues. Those link types are global settings, so you need admin rights. The connector also does bulk operations across different projects when syncing Rally’s hierarchical data. It needs to read config details from projects the service account normally wouldn’t access, especially with cross-project dependencies. That validation check you hit is hardcoded because Atlassian’s APIs will throw auth errors without proper privileges, and then the whole sync process crashes unpredictably. There’s no supported way to dial back these permissions and keep everything working. The connector was built assuming you’d have global admin access from day one.
The admin requirement exists because Rally’s connector does way more than just update fields. When I implemented it, I found it actually modifies JIRA’s field configurations, workflow schemes, and permission mappings across multiple projects at once. It creates custom field contexts and manages field screen associations on the fly based on Rally’s project structure. You need global admin permissions because these operations change JIRA’s core configuration, not just project data. The connector also handles user mapping through JIRA’s user management APIs, which only admins can access. There’s a built-in validation check because without elevated permissions, sync fails silently and becomes a nightmare to debug. No real workaround exists - these are core requirements for how the integration works at the system level.