- Type: Suggestion
- Resolution: Unresolved
- Component/s: Forge and Connect - App Permission Sync
When a connect user is created for an app, it is added to the default member group of the product(s) it is installed against. This is necessary to grant the connect user the required WRITE (or higher) permissions for that product.
However, the connect user's group membership is applied across products (cross-product group): if Jira and Confluence are part of the same Atlassian organization (especially in "vortex" environments), connect users with admin scope are added to admin groups for both Jira and Confluence, even if the app is only installed in one product. This can result in the connect user being present in both products' default groups, leading to cross-app permission escalation.
Admin users become concerned when they see in the global permissions that a connect user used exclusively by another product was added to the default group.
Request:
Introduce a centralized management interface within the admin settings to view, and potentially manage, connect user permissions across all products. This interface should offer detailed insights into the groups and permissions assigned to a connect user, the reasons an app requires cross-product group access, and the scope provided by the vendor.