Issue Summary

It should be documented how the user associated to each connect app and the groups atlassian-addons and atlassian-addons-admin are used to grant permissions (to the app) and how changing the default products access groups can cause apps not to function properly.

This is mentioned in multiple places but never properly documented:

• Unable to install any Cloud Add-on
• Add-on user permission problem
• AC-2320 - Error provisioning add-on user due to missing default group for some applications
• CONFCLOUD-69755- Explanation of Confluence Connect app user permissions
•  ID-8120 - Add-ons might stop working if confluence-users group doesn't have access on Confluence

Another thing to point out is that some apps seem to register what was the default access group when they are installed, and they will keep referencing it even if the default access group changes after the app installation.

For example, if an app requires the default access group for Jira Software to be included in the Browse projects permission, and after the installation, the default access group changes, the app will continue to require the original default access group to have the permission to work, ignoring the current default access group.

The solution to this is to uninstall and install the app again so the app can recognize the current default access group and map its permissions accurately.