Permission scope details for ARNR

One question we get from time to time is why the Automated Release Notes & Reports (ARNR) app requires all of the following permissions:

  • View email addresses of users

  • Act on a user's behalf, even when the user is offline

  • Administer the host application

  • Administer Jira projects

  • Delete data from the host application

  • Write data to the host application

  • Read data from the host application

The list above can be found on the app’s marketplace listings (free & paid) under the Integration Details section on the Overview tab. We answer that question here.

First of all, the bullet list above is a set of permissions derived from the scopes the ARNR app requests. For simplicity, a scope can be thought of as a collection of permissions. The ARNR app requests the ADMIN scope because it needs to fetch users from the configured Jira group/s. That is the only integration point behind the ADMIN scope that ARNR currently uses. However, as a result, all three permissions related to this scope (Administer the host application, Delete data from the host application, Administer Jira projects) are displayed in the marketplace listing. So, if you are not using Jira groups as recipients of the release notes sent through ARNR, the app does not use the ADMIN scope at all.

To be transparent, we are sharing the scopes, the resulting permissions, the integration points that ARNR uses with Jira, and the purpose of each integration point.

| Scope | Resulting permissions | Integration points | Use case details |
| --- | --- | --- | --- |
| READ | Read data from the host application | /rest/api/2/search | Search issues/users |
| | | /rest/api/2/issue/{issueIdOrKey} | Get issue by id or key |
| | | /rest/api/2/groups/picker | Get list of groups whose names contain a query string. |
| | | /rest/api/2/user | Get user |
| | | /rest/api/2/user/bulk | Get users in bulk |
| | | /rest/api/2/user/picker | Get list of groups whose names contain a query string. |
| | | /rest/api/2/project/{projectIdOrKey} | Get project by id or key |
| | | /rest/api/2/permissions/project | Get the projects where the user is granted a list of project permissions. |
| | | /rest/api/2/project | Get all projects visible to the user |
| | | /rest/api/2/project/{projectIdOrKey}/versions | Get list of all versions in a project. |
| | | /rest/api/3/project/{projectIdOrKey}/role/{id} | Get a project role's details and user associated with the project. |
| | | /rest/api/2/field | Returns system and custom issue fields according to the following rules: Fields that cannot be added to the issue navigator are always returned. Fields that cannot be placed on an issue screen are always returned. Fields that depend on global Jira settings are only returned if the setting is enabled. That is, timetracking fields, subtasks, votes, and watches. For all other fields, this operation only returns the fields that the user has permission to view. |
| | | /rest/api/2/version/{id} | Get version details by id |
| | | /rest/api/2/jql/parse | Parses and validates JQL queries. Validation is performed in context of the current user. |
| | | /rest/api/2/jql/autocompletedata | Get reference data for JQL searches. |
| | | /rest/api/2/jql/autocompletedata/suggestions | Returns the JQL search auto complete suggestions for a field. |
| | | /rest/api/3/role/{id} | Gets the project role details and the default actors associated with the role. |
| | | /rest/api/3/attachment/content/{id} | Get the contents of an attachment by attachment id. |
| | | /rest/api/3/serverInfo | Get information about the Jira instance. |
| | | /rest/api/2/project/{projectIdOrKey}/properties/{propertyKey} | Returns the value of a project property. |
| WRITE | Write data to the host application | /rest/api/3/issue/{issueIdOrKey} | Edits an issue. (This scope is used only in AI release notes generator feature). |
| ADMIN | Administer the host application; Administer Jira projects; Delete data from the host application | /rest/api/2/group/member | Get a paginated list of all users in a group. |
| ACT_AS_USER | Act on a user's behalf, even when the user is offline | /rest/api/2/mypermissions | Get a list of permissions indicating which permissions the user has. |
| | | /rest/api/3/mypreferences/locale | Get the locale for the user. |
| ACCESS_EMAIL_ADDRESSES | View email addresses of users | /rest/api/2/user/email | Get a user's email address. |
| | | /rest/api/2/user/email/bulk | Get user email addresses in bulk. |
| NONE | Relates to retrieving the app related information. | /rest/atlassian-connect/1/addons/{addonKey}/properties/{propertyKey} | Gets the key and value of an app's property. |
| | | /rest/atlassian-connect/1/addons/{addonKey} | Gets all the properties of an app. |
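
One way to check the table above against a list of requests the app was observed making, as an added example (not ARNR's or Atlassian's code): it classifies each request URL under the scope the table lists it for and collects any path the table does not list. The example.atlassian.net site and the sample URLs are constructed, and having a request list to feed it is an assumption.

```python
import re
from urllib.parse import urlsplit

# Scope, then the endpoint templates the table lists for it.
# A {placeholder} in a template matches exactly one path segment.
TABLE = """
READ /rest/api/2/search /rest/api/2/issue/{issueIdOrKey} /rest/api/2/groups/picker /rest/api/2/field
READ /rest/api/2/user /rest/api/2/user/bulk /rest/api/2/user/picker /rest/api/2/version/{id} /rest/api/3/role/{id}
READ /rest/api/2/project /rest/api/2/project/{projectIdOrKey} /rest/api/2/project/{projectIdOrKey}/versions
READ /rest/api/2/permissions/project /rest/api/3/project/{projectIdOrKey}/role/{id} /rest/api/3/serverInfo
READ /rest/api/2/jql/parse /rest/api/2/jql/autocompletedata /rest/api/2/jql/autocompletedata/suggestions
READ /rest/api/3/attachment/content/{id} /rest/api/2/project/{projectIdOrKey}/properties/{propertyKey}
WRITE /rest/api/3/issue/{issueIdOrKey}
ADMIN /rest/api/2/group/member
ACT_AS_USER /rest/api/2/mypermissions /rest/api/3/mypreferences/locale
ACCESS_EMAIL_ADDRESSES /rest/api/2/user/email /rest/api/2/user/email/bulk
NONE /rest/atlassian-connect/1/addons/{addonKey} /rest/atlassian-connect/1/addons/{addonKey}/properties/{propertyKey}
"""

def compile_rules(table):
    rules = []
    for line in table.strip().splitlines():
        scope, *templates = line.split()
        for tpl in templates:
            parts = map(re.escape, re.split(r"\{[^}]+\}", tpl))
            rules.append((re.compile("[^/]+".join(parts)), scope, tpl))
    return rules

RULES = compile_rules(TABLE)

def classify(url):
    # Path-only match: the page gives no HTTP methods, so none are checked.
    path = urlsplit(url).path.rstrip("/")
    for pattern, scope, tpl in RULES:
        if pattern.fullmatch(path):
            return scope, tpl
    return "UNLISTED", path

def audit(urls):
    seen = {}
    for scope, what in map(classify, urls):
        seen.setdefault(scope, set()).add(what)
    return seen

# Constructed sample (hypothetical site and values), not captured traffic.
SAMPLE = ["https://example.atlassian.net" + p for p in (
    "/rest/api/2/search?jql=fixVersion%3D1.2", "/rest/api/2/project/DEMO/versions",
    "/rest/api/2/group/member?groupname=release-managers",
    "/rest/api/2/user/email/bulk?accountId=abc", "/rest/api/2/issue/DEMO-1/comment")]

print(audit(SAMPLE))
```

Per the page, the ADMIN entry should contain only /rest/api/2/group/member, and only when release notes are sent to Jira groups. Because a placeholder matches any single path segment, a different endpoint at the same depth as a listed template is not told apart from it.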