Permissions
Similarly to every other app, Skills for Jira requires access to some of the data in customer instance and permission to perform certain actions of over this data. Atlassian has recently released a platform update that mandatorily increased permissions granularity by breaking down the few broad permissions into a longer list of fine-grained permission scopes.
We realize the concern that our users may share regarding the long list of requested permissions, therefore we have compiled a full list of permission scopes requested by the app as well as external domains that the app requests to communicate with and included our explanation and rationale for each of them.
Please don't hesitate to contact us at support@skillsforjira.com for any additional clarification.
Permission (see Atlassian reference) | Entity | What it does | Why do we request it? |
storage:app | App data store | Store application data in isolated storage | Used to store skill trees, queue definitions and other configuration data |
read:issue:jira | Issue | View issues | Basic issue access used by every feature including Skillset fields, Analytics and automated Assignments |
read:issue.property:jira | Issue | View issue properties | |
read:issue-meta:jira | Issue | View issue meta | |
read:issue-details:jira | Issue | View issue details | |
write:issue:jira | Issue | Create and update issues | Used to keep issues's Skillset fields up to date with users' qualifications |
write:issue.property:jira | Issue | Create and update issue properties | |
read:issue.transition:jira | Issue | View issue transitions | Used by the "Assignments" feature to find the appropriate transition when a use pulls assignments |
read:issue-type:jira | Issue | View issue types | Used by APIs that support customizing the skill tree on the Field Context level (which enables flexible Project/IssueType/Field-level customization) |
read:issue-type-hierarchy:jira | Issue | Read issue type hierarchies | |
read:issue-link:jira | Issue | View issue links | Reserved for the Assignments feature to offer more fine-grained control over issues that can be pulled from the queue. |
read:label:jira | Label | View labels | |
read:status:jira | Status | View statuses | Used by Assignments feature, allowing administrator to configure "Ready for Work" and "In Progress" statuses |
read:filter:jira | Filter | View JQL filters | Used by Assignments and Analytics, allowing users to select analysis scope from the list of existing filters rather than typing in JQL manually. |
read:filter.column:jira | Filter | View filter columns | |
read:filter.default-share-scope:jira | Filter | View filter default share scopes | Used by Assignments feature, only allowing administrators to choose Work Scope filters that are available for their users to access. |
read:audit-log:jira | Audit Log | View audit logs | For some reason, this permission is required by Atlassian in order to fetch a list of available issue transitions (link) |
read:field:jira | Field | View fields | For every Skillset field an accompanying ”Skillset-Experts” field is created in order to improve JQL experience and support Expert-only transitions. This field shares life-cycle with the Skillset field |
write:field:jira | Field | Create and update fields | |
delete:field:jira | Field | Delete fields | |
read:field-configuration:jira | Field | Read field configurations | Used to support customizing the skill tree on the Field Context level (which enables flexible Project/IssueType/Field-level customization) |
write:field-configuration:jira | Field | Save field configurations | |
read:custom-field-contextual-configuration:jira | Field | Read custom field contextual configurations | |
write:custom-field-contextual-configuration:jira | Field | Save custom field contextual configurations | |
read:project:jira | Project | View projects | |
read:project-category:jira | Project | View project categories | |
read:project-role:jira | Project | View project roles | |
read:priority:jira | Priority | View priorities |
|
read:user:jira | User | View users | Used to determine and display experts in Skillset and Analytics |
read:user.columns:jira | User | View user columns | |
read:user.property:jira | User | View user properties | |
read:avatar:jira | User | View system and custom avatars. | |
read:group:jira | User Group | View groups | |
read:application-role:jira | Application Role | View application roles |
|
read:jql:jira | JQL | View JQL | Used to search issues by JQL in Assignments and Analytics |
validate:jql:jira | JQL | Validate JQL | |
write:dashboard:jira | Dashboard | Create and update dashboards | Used to provide a "Pull assignments" widget you can place in your dashboards instead of using a separate Assignments dashboard |
*.youtube-nocookie.com | External Domain |
| Used to display configuration demo videos from YouTube in Admin Console - Introduction. We use youtube-nocookie.com (YT official domain) instead of youtube.com to avoid having any access to user’s YouTube/Google accounts as well as to not influence user’s YT history/recommendations. |
External Domain |
| Used to record anonymous product events to power analytics, serves product improvement | |
*.ingest.sentry.io | External Domain |
| Used to record client-side errors, serves product improvement |
External Domain |
| Used to interact with Atlassian via their GraphQL API in addition to their REST API |