Last updatedJun 8, 2020

Rate this page:


Scopes allow an app to request a particular level of access to an Atlassian product.

For example:

  • Within a particular product instance an administrator may further limit the actions that an app may perform. This is valuable because it allows administrators to safely install apps that they otherwise would not.
  • The scopes may allow the potential to access beta or non-public APIs that are later changed in or removed from the Atlassian product. The inclusion of the API endpoint in a scope does not imply that the product makes this endpoint public. Read the Confluence API documentation for details.

Some scopes automatically imply that the app will be granted other scopes. These are defined below.

The following scopes are available for use by Atlassian Connect Confluence apps:

  • NONE can access app defined data; scope does not need to be declared in the descriptor
  • READ can view, browse, read information from Confluence
  • WRITE can create or edit content in Confluence, but not delete them (implies: READ)
  • DELETE can delete entities from Confluence (implies: READ, WRITE)
  • SPACE_ADMIN can administer a space in Confluence (implies: READ, WRITE, DELETE)
  • ADMIN can administer the entire Confluence instance (implies: READ, WRITE, DELETE, SPACE_ADMIN)
  • ACT_AS_USER can enact services on a user's behalf.
  • ACCESS_EMAIL_ADDRESSES can get the email addresses of users.

Scopes are declared as a top level attribute of atlassian-connect.json app descriptor as in this example:

    "baseUrl": "",
    "key": "atlassian-connect-addon",
    "scopes": [
        "READ", "WRITE"
    "modules": {}

Rate this page: