Permissions

Owned by Andreas Schmidt
Last updated: Jun 18, 2024 by Benjamin Linser
4 min read

Jira Cloud app

When installing the app on Jira Cloud, it will ask for five authorizations

These are basic permissions for every app. The app creates tickets, add comments, add properties etc.

Some modifications require delete permissions.

This permission allows the app to impersonate the user. This is necessary when fetching issue information from the system. It easily allows to respect issue & project permissions, by having Jira taking care of it. In addition, when an issue is created, the author should be the user itself, not the app - impersonation makes this possible.

This general administrative permission is required for some specific checks and to read some central configurations. At this point we do not modify any admin settings.

At many occasions the app matches the Jira user with the Microsoft account. This requires the email address of the Jira users that requires an additional permission.

Jira Datacenter

Jira Datacenter does not know the concept of scopes. The app always has full access.

Additionally, the app requires an OAuth1.0a login for each user that grants the same permissions as the user.

Microsoft Graph

Delegated Permissions

Delegated permissions for Microsoft graph are granted, when a single user logs themselves in from Jira with their own account. The app will not request all permissions at once, but only the ones necessary for the feature.

E.g. when working with Microsoft Teams, it will request chat & channel specific permissions. When using the meetings feature, it will request calendar specific permissions.

General

Teams

Emails

Calendar & meetings

Optional scope for Calendar & meetings
Optional scopes for Calendar

To Do

RSC permissions

The Teams app permissions are granted when installing the bot/app in Microsoft Teams.

Even though the list below looks fairly long, most of the permissions are quite basic and the same for all apps that include a bot.

Please note, that permissions like “Read messages in a Team” only apply to the team the app/bot is installed in. Therefore, you have a team with confidential data you don’t want to expose to Jira, the app won’t have access, even if it’s installed in other teams.

 

Admin Permissions

All admin permissions are optional and add more features if granted.

Modern Office add-in

Installing the app via the Microsoft Office store (AppSource) will require access to your mailbox.

This is necessary because we don’t only work with the current email, but also show related issues based on the whole email conversation.

We only use the data to provide the app features.

We only access them when using the add-in and we never store your personal data on an external server (except for Jira itself).