OAuth 2.0 scopes for incoming links
When configuring an incoming application link, you need to select scopes; that is, the permissions that the application can have on behalf of a user in your Bamboo instance.
What the application can do with scopes
As an admin, you can select which scopes the application can request from the authorizing user, but the actual permissions will always be limited to what a particular user can do themselves. For example, even if you select the TRIGGER scope, the application won't be able to use the permissions associated with that scope if the authorizing doesn't have the Build permission.
Scopes
Here are the scopes you can select when configuring the link. The same scopes will be displayed to users when they authorize the integration. They can later be accessed in their user profile in Authorized applications, where they can also revoke the granted access.
| Scope | Description |
|---|---|
READ | The access token will only have permissions to read the same data that the associated user normally has access to in Bamboo. |
TRIGGER | The access token will have permissions to start the same builds and deploy the same environments that the associated user normally can. |
USER | The access token will have the same set permissions as the associated users (including Administrator permissions, if the associated user has them). |