Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-81601

Any changes to atlassian-addon-project-access project role are overwritten on an app installation

XMLWordPrintable

    • 16
    • Severity 2 - Major
    • 54
    • Hide
      Atlassian Update – 9 April 2024

      Hello everyone,

      We appreciate your feedback and comments. Please be assured that we're diligently examining the use cases outlined in this ticket.

      At present, we've decided not to proceed with the removal of this role until we have a deeper understanding.

      The upcoming App Access Rule functionality appears to be the ideal solution for some of the use cases mentioned. We're also investigating options for more refined app control.
      Kindly continue monitoring this ticket for further updates.

      Thank you.
      Grażyna Kaszkur, Product Manager

      Show
      Atlassian Update – 9 April 2024 Hello everyone, We appreciate your feedback and comments. Please be assured that we're diligently examining the use cases outlined in this ticket. At present,  we've decided not to proceed with the removal of this role until we have a deeper understanding. The upcoming App Access Rule functionality appears to be the ideal solution for some of the use cases mentioned. We're also investigating options for more refined app control. Kindly continue monitoring this ticket for further updates. Thank you. Grażyna Kaszkur, Product Manager

      Issue Summary

      As a result of changes announced in 2017 (https://confluence.atlassian.com/servicedeskcloud/blog/2017/02/add-on-permissions-update) any changes around atlassian-addon-project-access role persist only until the first app installation or update and then they are overwritten.

      The possibility to remove atlassian-addons-project-access role from permission or issue security scheme gives admins a false impression they can restrict app access to some projects or features. 

      This is reproducible on Data Center: no

      Steps to Reproduce

      1. Go to Permissions schemes
      2. Pick one of them and click Permissions
      3. Remove `atlassian-addons-project-access` from some permission ie. Administer Projects or Manage sprints
      4. Install any app
      5. Check that the role was readded to that permission

      Expected Results

      As Atlassian intention was to have `atlassian-addons-project-access` always added to all permissions schemes and issue security schemes there should be no possibility to manage that project role access.

      Actual Results

      Admins have the impression they have limited apps access to some projects, however, their settings are overwritten on any app installation or update.

      Workaround

      Admin can implement a side script that detects the reading of the project role happened and update schemes according to their initial requirements.

        1. image-2023-09-13-13-52-36-678.png
          781 kB
          Tomasz Kanafa

              Unassigned Unassigned
              bszturemska@atlassian.com Beata Szturemska
              Votes:
              52 Vote for this issue
              Watchers:
              92 Start watching this issue

                Created:
                Updated: