This resource represents permission schemes. Use it to get, create, update, and delete permission schemes as well as get, create, update, and delete details of the permissions granted in those schemes.
Returns all permission schemes.
A permission scheme is a collection of permission grants. A permission grant consists of a holder and a permission.
The holder object contains information about the user or group being granted the permission. For example, the Administer projects permission is granted to a group named Teams in space administrators. In this case, the type is "type": "group", and the parameter is the group name, "parameter": "Teams in space administrators" and the value is group ID, "value": "ca85fac0-d974-40ca-a615-7af99c48d24f".
The holder object is defined by the following properties:
type Identifies the user or group (see the list of types below).parameter As a group's name can change, use of value is recommended. The value of this property depends on the type. For example, if the type is a group, then you need to specify the group name.value The value of this property depends on the type. If the type is a group, then you need to specify the group ID. For other type it has the same value as parameterThe following types are available. The expected values for parameter and value are given in parentheses (some types may not have a parameter or value):
anyone Grant for anonymous users.applicationRole Grant for users with access to the specified application (application name, application name). See Update product access settings for more information.assignee Grant for the user currently assigned to an issue.group Grant for the specified group (parameter : group name, value : group ID).groupCustomField Grant for a user in the group selected in the specified custom field (parameter : custom field ID, value : custom field ID).projectLead Grant for a project lead.projectRole Grant for the specified project role (parameter :project role ID, value : project role ID).reporter Grant for the user who reported the issue.sd.customer.portal.only Jira Service Desk only. Grants customers permission to access the customer portal but not Jira. See Customizing Jira Service Desk permissions for more information.user Grant for the specified user (parameter : user ID - historically this was the userkey but that is deprecated and the account ID should be used, value : user ID).userCustomField Grant for a user selected in the specified custom field (parameter : custom field ID, value : custom field ID).The built-in Jira permissions are listed below. Apps can also define custom permissions. See the project permission and global permission module documentation for more information.
Administration permissions
ADMINISTER_PROJECTSEDIT_WORKFLOWEDIT_ISSUE_LAYOUTProject permissions
BROWSE_PROJECTSMANAGE_SPRINTS_PERMISSION (Jira Software only)SERVICEDESK_AGENT (Jira Service Desk only)VIEW_DEV_TOOLS (Jira Software only)VIEW_READONLY_WORKFLOWIssue permissions
ASSIGNABLE_USERASSIGN_ISSUESCLOSE_ISSUESCREATE_ISSUESDELETE_ISSUESEDIT_ISSUESLINK_ISSUESMODIFY_REPORTERMOVE_ISSUESRESOLVE_ISSUESSCHEDULE_ISSUESSET_ISSUE_SECURITYTRANSITION_ISSUESVoters and watchers permissions
MANAGE_WATCHERSVIEW_VOTERS_AND_WATCHERSComments permissions
ADD_COMMENTSDELETE_ALL_COMMENTSDELETE_OWN_COMMENTSEDIT_ALL_COMMENTSEDIT_OWN_COMMENTSAttachments permissions
CREATE_ATTACHMENTSDELETE_ALL_ATTACHMENTSDELETE_OWN_ATTACHMENTSTime tracking permissions
DELETE_ALL_WORKLOGSDELETE_OWN_WORKLOGSEDIT_ALL_WORKLOGSEDIT_OWN_WORKLOGSWORK_ON_ISSUESPermissions required: Permission to access Jira.
read:jira-workread:application-role:jira, read:field:jira, read:group:jira, read:permission-scheme:jira, read:permission:jira ...(Show more)Connect app scope required: READ
string
Returned if the request is successful.
List of all permission schemes.
1
2
3
4
5
6
7
8
9
10
11
12
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme`, {
headers: {
'Accept': 'application/json'
}
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
{
"permissionSchemes": [
{
"description": "description",
"id": 10000,
"name": "Example permission scheme",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/10000"
}
]
}Creates a new permission scheme. You can create a permission scheme with or without defining a set of permission grants.
Permissions required: Administer Jira global permission.
manage:jira-configurationwrite:permission-scheme:jira, read:application-role:jira, read:field:jira, read:group:jira, read:permission-scheme:jira ...(Show more)Connect app scope required: ADMIN
string
The permission scheme to create.
string
string
Requiredarray<PermissionGrant>
Scope
any
Returned if the permission scheme is created.
Details of a permission scheme.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
var bodyData = `{
"description": "description",
"name": "Example permission scheme",
"permissions": [
{
"holder": {
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"permission": "ADMINISTER_PROJECTS"
}
]
}`;
const response = await requestJira(`/rest/api/2/permissionscheme`, {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: bodyData
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"description": "description",
"id": 10000,
"name": "Example permission scheme",
"permissions": [
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}
],
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/10000"
}Returns a permission scheme.
Permissions required: Permission to access Jira.
read:jira-workread:application-role:jira, read:field:jira, read:group:jira, read:permission-scheme:jira, read:permission:jira ...(Show more)Connect app scope required: READ
integer
Requiredstring
Returned if the request is successful.
Details of a permission scheme.
1
2
3
4
5
6
7
8
9
10
11
12
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}`, {
headers: {
'Accept': 'application/json'
}
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"description": "description",
"id": 10000,
"name": "Example permission scheme",
"permissions": [
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}
],
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/10000"
}Updates a permission scheme. Below are some important things to note when using this resource:
If you want to add or delete a permission grant instead of updating the whole list, see Create permission grant or Delete permission scheme entity.
See About permission schemes and grants for more details.
Permissions required: Administer Jira global permission.
manage:jira-configurationwrite:permission-scheme:jira, read:application-role:jira, read:field:jira, read:group:jira, read:permission-scheme:jira ...(Show more)Connect app scope required: ADMIN
integer
Requiredstring
string
string
Requiredarray<PermissionGrant>
Scope
any
Returned if the scheme is updated.
Details of a permission scheme.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
var bodyData = `{
"description": "description",
"name": "Example permission scheme",
"permissions": [
{
"holder": {
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"permission": "ADMINISTER_PROJECTS"
}
]
}`;
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}`, {
method: 'PUT',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: bodyData
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"description": "description",
"id": 10000,
"name": "Example permission scheme",
"permissions": [
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}
],
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/10000"
}Deletes a permission scheme.
Permissions required: Administer Jira global permission.
manage:jira-configurationdelete:permission-scheme:jiraConnect app scope required: ADMIN
integer
RequiredReturned if the permission scheme is deleted.
1
2
3
4
5
6
7
8
9
10
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}`, {
method: 'DELETE'
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.text());Returns all permission grants for a permission scheme.
Permissions required: Permission to access Jira.
read:jira-workread:application-role:jira, read:field:jira, read:group:jira, read:permission:jira, read:project-role:jira ...(Show more)Connect app scope required: READ
integer
Requiredstring
Returned if the request is successful.
List of permission grants.
1
2
3
4
5
6
7
8
9
10
11
12
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}/permission`, {
headers: {
'Accept': 'application/json'
}
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"expand": "user,group,projectRole,field,all",
"permissions": [
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}
]
}Creates a permission grant in a permission scheme.
Permissions required: Administer Jira global permission.
manage:jira-configurationread:application-role:jira, read:field:jira, read:group:jira, read:permission:jira, read:project-role:jira ...(Show more)Connect app scope required: ADMIN
integer
Requiredstring
The permission grant to create.
PermissionHolder
string
any
Returned if the scheme permission is created.
Details about a permission granted to a user or group.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
var bodyData = `{
"holder": {
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"permission": "ADMINISTER_PROJECTS"
}`;
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}/permission`, {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: bodyData
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}Returns a permission grant.
Permissions required: Permission to access Jira.
read:jira-workread:application-role:jira, read:field:jira, read:group:jira, read:permission:jira, read:project-role:jira ...(Show more)Connect app scope required: READ
integer
Requiredinteger
Requiredstring
Returned if the request is successful.
Details about a permission granted to a user or group.
1
2
3
4
5
6
7
8
9
10
11
12
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}/permission/{permissionId}`, {
headers: {
'Accept': 'application/json'
}
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.json());1
2
3
4
5
6
7
8
9
10
11
{
"holder": {
"expand": "group",
"parameter": "jira-core-users",
"type": "group",
"value": "ca85fac0-d974-40ca-a615-7af99c48d24f"
},
"id": 10000,
"permission": "ADMINISTER_PROJECTS",
"self": "https://your-domain.atlassian.net/rest/api/2/permissionscheme/permission/10000"
}Deletes a permission grant from a permission scheme. See About permission schemes and grants for more details.
Permissions required: Administer Jira global permission.
manage:jira-configurationdelete:permission:jiraConnect app scope required: ADMIN
integer
Requiredinteger
RequiredReturned if the permission grant is deleted.
1
2
3
4
5
6
7
8
9
10
// This sample uses Atlassian Forge
// https://developer.atlassian.com/platform/forge/
import { requestJira } from "@forge/bridge";
const response = await requestJira(`/rest/api/2/permissionscheme/{schemeId}/permission/{permissionId}`, {
method: 'DELETE'
});
console.log(`Response: ${response.status} ${response.statusText}`);
console.log(await response.text());Rate this page: