Actor Risk Profile

Visual
Where to find it:Operations AnalyticsAdmin & permission activity
Pro Advanced
Open in dashboard

Every configuration change has an author. This visual shows you which accounts are responsible for the most admin-level events — and what types of actions they are taking. A human admin doing planned migrations looks different from an automated service account triggering unexpected deletions.

This is the “who” view for permission drift. It is particularly important for identifying over-permissioned accounts (service accounts with admin rights they shouldn’t have) or unusual activity from accounts that are not recognized Jira administrators.

What you can conclude

  • A service account (non-human) appearing at the top of this ranking with deletion events is a potential security concern — verify that it has only the permissions it needs.
  • An account making many deletion events should be verified as an authorized administrator performing a planned cleanup.
  • Accounts with no recognized name or unclear purpose warrant an immediate access review.

How this chart works

Ranked horizontal bar chart showing which account IDs are responsible for the most permission-level events, with each bar broken down by event type (destructive, creation, update). Note: events with a null actor (system-generated) are excluded from this view but counted in the summary KPI.