Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
Severity 3 - Minor
-
Description
Issue Summary
According to our documentation the Get users from group REST API endpoint is requiring Administer Jira global permission, as well as ADMIN scope for Connect apps and manage:jira-configuration for Oauth.
This is not consistent with the fact that:
- the Administer Jira Global permissions documentation page actually says that you only need Browse users and groups ** global permission:
"Users with Administer Jira permission can perform most administration tasks, except managing users"
- you can actually use the REST API endpoints Find users and groups and Get user groups without ADMIN rights (as expected/documented). So that you can still get the same result using a combination of 2 other endpoints without having admin rights.
Steps to Reproduce
- In the REST API documentation page for the Get users from group REST API endpoint, if you click on the "Permissions required: Administer Jira global permission" link, this brings you to the Administer Jira Global permissions page that, as mentioned above, says that you only need Browse users and groups global permission.
- The Get group members REST API endpoint for Confluence Cloud does not need ADMIN rights either.
Attachments
Issue Links
- is related to
-
JRACLOUD-79363 Bulk get groups REST API endpoint connect app scopes required could be READ scopes
- Closed
- is resolved by
-
EVEREST-2981 Loading...
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
- relates to
-
GORDIAN-1917 Loading...