Add-on permissions update
Today we have an update to an earlier update about add-on permissions.
When you install or update an add-on, JIRA will automatically grant the add-on the correct permissions for its scope through the atlassian-addons-project-access role. It will also check the permissions of existing add-ons across all JIRA and JIRA Service Desk projects, and grant them the correct permissions as well.
Previously, service desk projects displayed a warning if the add-on permissions were not correct, and the permissions had to be fixed manually.
How does this change affect my project permissions?
To ensure all add-ons can access the permissions that map to their scopes, the atlassian-addons-project-access role will be assigned to all of the permissions in your project scheme.
What’s a scope?
You can learn more about add-on scopes in the Atlassian Connect documentation.
What's the atlassian-addons-project-access role?
atlassian-addons-project-access is a project role that grants permissions to add-ons according to their scopes.
How does the atlassian-addons-project-access role use project permissions?
When you install an add-on, JIRA creates a corresponding ‘user’ who is assigned to the atlassian-addons-project-access role in each project. If you don’t want the add-on to have access to a project, you can remove it from the role. Additionally, JIRA always respects add-on scopes over permissions. This means that add-ons only have access to the APIs defined by their scopes, and only have permission to perform the actions defined by their scopes.