Permission scope details for ARNR
One question we get from time to time is why the Automated Release Notes & Reports (ARNR) app requires all of the following permissions:
- View email addresses of users
- Act on a user's behalf, even when the user is offline
- Administer the host application
- Administer Jira projects
- Delete data from the host application
- Write data to the host application
- Read data from the host application
The list above can be found on the app's marketplace listings (free & paid), under the Integration Details section on the Overview tab. We answer that question here.
First of all, the bullet list above is a set of permissions derived from the scopes the ARNR app requests. For simplicity, a scope can be considered a collection of permissions. The ARNR app requests the ADMIN scope because the app needs to fetch users from the configured Jira group(s). That is the only integration point behind the ADMIN scope that ARNR currently uses. However, as a result, all three permissions related to this scope (Administer the host application, Delete data from the host application, Administer Jira projects) are displayed in the marketplace listing. So, if you are not using Jira groups to send release notes to (through ARNR), the app does not use the ADMIN scope at all.
To be transparent, we are sharing the scopes, the resulting permissions, the integration points that ARNR uses with Jira, and the purpose of each integration point.
| Scope | Resulting permissions | Integration points | Use case details |
|---|---|---|---|
| READ | | /rest/api/2/search | Search issues/users |
| | | /rest/api/2/issue/{issueIdOrKey} | Get issue by id or key |
| | | /rest/api/2/groups/picker | Get list of groups whose names contain a query string. |
| | | /rest/api/2/user | Get user |
| | | /rest/api/2/user/bulk | Get users in bulk |
| | | /rest/api/2/user/picker | Get list of groups whose names contain a query string. |
| | | /rest/api/2/project/{projectIdOrKey} | Get project by id or key |
| | | /rest/api/2/permissions/project | Get the projects where the user is granted a list of project permissions. |
| | | /rest/api/2/project | Get all projects visible to the user |
| | | /rest/api/2/project/{projectIdOrKey}/versions | Get list of all versions in a project. |
| | | /rest/api/3/project/{projectIdOrKey}/role/{id} | Get a project role's details and the users associated with the project. |
| | | /rest/api/2/field | Returns system and custom issue fields according to the following rules: |
| | | /rest/api/2/version/{id} | Get version details by id |
| | | /rest/api/2/jql/parse | Parses and validates JQL queries. Validation is performed in the context of the current user. |
| | | /rest/api/2/jql/autocompletedata | Get reference data for JQL searches. |
| | | /rest/api/2/jql/autocompletedata/suggestions | Returns the JQL search autocomplete suggestions for a field. |
| | | /rest/api/3/role/{id} | Gets the project role details and the default actors associated with the role. |
| | | /rest/api/3/attachment/content/{id} | Get the contents of an attachment by attachment id. |
| | | /rest/api/3/serverInfo | Get information about the Jira instance. |
| | | /rest/api/2/project/{projectIdOrKey}/properties/{propertyKey} | Returns the value of a project property. |
| WRITE | | /rest/api/3/issue/{issueIdOrKey} | Edits an issue. (This scope is used only in the AI release notes generator feature.) |
| ADMIN | | /rest/api/2/group/member | Get a paginated list of all users in a group. |
| ACT_AS_USER | | /rest/api/2/mypermissions | Get a list of permissions indicating which permissions the user has. |
| | | /rest/api/3/mypreferences/locale | Get the locale for the user. |
| ACCESS_EMAIL_ADDRESSES | | /rest/api/2/user/email | Get a user's email address. |
| | | /rest/api/2/user/email/bulk | Get user email addresses in bulk. |
| NONE | | /rest/atlassian-connect/1/addons/{addonKey}/properties/{propertyKey} | Gets the key and value of an app's property. |
| | | /rest/atlassian-connect/1/addons/{addonKey} | Gets all the properties of an app. |
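The table above can be turned into an allowlist for reviewing what the app actually calls. The following is an added example, not code from ARNR or Atlassian: it matches request paths against the documented integration points and reports which scopes were exercised and which paths fall outside the table. It assumes you can obtain the app's request paths from a proxy or audit log; the sample paths are constructed, and matching is by path only because the page does not list HTTP methods.

```python
import re

# Integration points per scope, copied from the table on this page.
DOCUMENTED = {
    "READ": """
        /rest/api/2/search /rest/api/2/issue/{issueIdOrKey} /rest/api/2/groups/picker
        /rest/api/2/user /rest/api/2/user/bulk /rest/api/2/user/picker /rest/api/2/field
        /rest/api/2/project /rest/api/2/project/{projectIdOrKey}
        /rest/api/2/project/{projectIdOrKey}/versions /rest/api/2/permissions/project
        /rest/api/2/project/{projectIdOrKey}/properties/{propertyKey}
        /rest/api/3/project/{projectIdOrKey}/role/{id} /rest/api/3/role/{id}
        /rest/api/2/version/{id} /rest/api/2/jql/parse /rest/api/2/jql/autocompletedata
        /rest/api/2/jql/autocompletedata/suggestions /rest/api/3/serverInfo
        /rest/api/3/attachment/content/{id}""",
    "WRITE": "/rest/api/3/issue/{issueIdOrKey}",
    "ADMIN": "/rest/api/2/group/member",
    "ACT_AS_USER": "/rest/api/2/mypermissions /rest/api/3/mypreferences/locale",
    "ACCESS_EMAIL_ADDRESSES": "/rest/api/2/user/email /rest/api/2/user/email/bulk",
    "NONE": """/rest/atlassian-connect/1/addons/{addonKey}/properties/{propertyKey}
        /rest/atlassian-connect/1/addons/{addonKey}""",
}

def _compile(template):
    # Literal parts are escaped; each {placeholder} matches exactly one path segment.
    literals = re.split(r"\{[^}]+\}", template)
    return re.compile("[^/]+".join(map(re.escape, literals)) + r"/?\Z")

RULES = [(scope, _compile(t)) for scope, text in DOCUMENTED.items() for t in text.split()]

def classify(path):
    """Return the scope of the documented endpoint matching path, else None."""
    path = path.split("?", 1)[0]  # ignore the query string
    return next((scope for scope, rx in RULES if rx.match(path)), None)

def audit(paths):
    """Return (scopes exercised, paths outside the documented integration points)."""
    hits = [(classify(p), p) for p in paths]
    return {s for s, _ in hits if s}, [p for s, p in hits if s is None]

# Constructed request paths, as they might appear in a proxy or audit log.
SAMPLE = [
    "/rest/api/2/search?jql=project%3DDEMO",
    "/rest/api/2/project/DEMO/versions",
    "/rest/api/3/mypreferences/locale",
    "/rest/api/2/user/email?accountId=constructed-id",
    "/rest/api/2/issue/DEMO-7/comment",  # not listed in the table
]
```

For the constructed sample, `audit(SAMPLE)` reports no ADMIN usage, which is what the page describes for installations that do not send release notes to Jira groups.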