Today we have an update to an earlier update about add-on permissions.

When you install or update an add-on, JIRA will automatically grant the add-on the correct permissions for its scope through the atlassian-addons-project-access role. It will also check the permissions of existing add-ons across all JIRA and JIRA Service Desk projects, and grant them the correct permissions as well.

Previously, service desk projects displayed a warning if the add-on permissions were not correct, and the permissions had to be fixed manually.

FAQ

How does this change affect my project permissions?

To ensure all add-ons can access the permissions that map to their scopes, the atlassian-addons-project-access role will be assigned to all of the permissions in your project scheme. 

What’s a scope?

You can learn more about add-on scopes in the Atlassian Connect documentation.

What's the atlassian-addons-project-access role?

atlassian-addons-project-access is a project role that grants permissions to add-ons according to their scopes. 

How does the atlassian-addons-project-access role use project permissions?

When you install an add-on, JIRA creates a corresponding ‘user’ who is assigned to the atlassian-addons-project-access role in each project. If you don’t want the add-on to have access to a project, you can remove it from the role. Additionally, JIRA always respects add-on scopes over permissions. This means that add-ons only have access to the APIs defined by their scopes, and only have permission to perform the actions defined by their scopes.