Last updated Apr 23, 2024

Jira Service Management scopes for OAuth 2.0 (3LO) and Forge apps

Scopes enable an app to request a level of access to an Atlassian product.

Jira Service Management permissions also control access to data and aren't overridden by scopes. For example, if a user does not have Jira Administrator Global permission then the Create customers operation won’t be able to access customer data even if the app has the manage:servicedesk-customer scope.
The scopes may provide the potential to access beta or non-public APIs that are later changed or removed from the Atlassian product. The inclusion of the API endpoint in a scope doesn't imply that the product makes this endpoint public. Read the Jira Service Management REST API documentation for details.
Some scopes automatically imply that the app is granted other scopes.

Setting your app's scopes

When choosing your scopes, the recommendation is to use classic scopes.

Scopes limit

It's recommended that you use less than 50 scopes in an application. When adding scopes in the developer console, a count of the scopes added to your app is displayed. If you are approaching 50 scopes, review your use of scopes and ensure you're using classic scopes to the maximum extent possible and remove any unnecessary granular scopes.

Forge apps

The easiest way to set your app's scopes is to:

Update to the latest forge-cli packages.
Run forge-lint --fix to add the scopes to the manifest.

This process does not remove any redundant scopes from the manifest file, and these scopes need to be removed manually.

If you want to set the scopes manually, you need to:

Review your app to determine all of the operations used.
Consult the Jira Service Management Cloud REST API documentation to determine the scope needed for each operation and create a list of scopes.
Add the scopes required to the app's manifest file while remembering to remove any deprecated scopes.

OAuth 2.0 apps

For OAuth 2.0 apps, you need to:

Review your app to determine all of the operations used.
Consult the Jira Service Management Cloud REST API documentation to determine the scope needed for each operation and create a list of scopes.
Update the scopes required in the developer console.

Scopes

These scopes are for apps using OAuth 2.0 authorization code grants (3LO) for authorization and Forge apps. The title and description are displayed to the user on the consent screen during the authorization flow.

Scopes for Atlassian Connect are different. See Scopes for Connect apps to know more.

Classic scopes

Where available, the recommendation is to use these scopes.

Scope name	Summary	Description
`read:jira-user`	View user profiles	View user information in Jira that the user has access to, including usernames, email addresses, and avatars.
`read:jira-work`	View Jira issue data	Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs.
`write:jira-work`	Create and manage issues	Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.
`manage:jira-project`	Manage project settings	Create and edit project settings and create new project-level objects (for example, versions and components).
`manage:jira-configuration`	Manage Jira global settings	Take Jira administration actions (for example, create projects and custom fields, view workflows, and manage issue link types).
`manage:jira-webhook`	Manage Jira webhooks	Fetch, register, refresh, and delete dynamically declared Jira webhooks.
`read:servicedesk-request`	View Jira Service Desk request data	Read customer request data, including approvals, attachments, comments, request participants, and status/transitions. Read service desk and request types, including searching for request types and reading request type fields, properties and groups.
`write:servicedesk-request`	Create and manage Jira Service Desk requests	Create and edit customer requests, including add comments and attachments, approve, share (add request participants), subscribe, and transition.
`manage:servicedesk-customer`	Manage Jira Service Desk customers and organizations	Create, manage and delete customers and organizations. Add and remove customers and organizations from service desks.

Granular scopes

Use these scopes only when you can’t use classic scopes.

Scope name	Title	Description
`read:customer:jira-service-management`	View Customers	View customer (user) account information.
`write:customer:jira-service-management`	Create and update customers	Create and update customer (user) accounts.
`read:organization:jira-service-management`	View organizations	View organization information.
`write:organization:jira-service-management`	Create and update organizations	Create and update organizations.
`delete:organization:jira-service-management`	Delete organizations	Delete organizations.
`read:organization.user:jira-service-management`	View organization's users	View an organization’s users.
`write:organization.user:jira-service-management`	Add organization's users	Add users to an organization
`delete:organization.user:jira-service-management`	Delete organization users	Remove users from an organization.
`read:organization.property:jira-service-management`	View organization properties	View organization entity properties.
`write:organization.property:jira-service-management`	Create and update organization properties	Create and update organization entity properties.
`delete:organization.property:jira-service-management`	Delete organization properties	Delete organization entity properties.
`read:servicedesk:jira-service-management`	View servicedesks	Search and view service desks.
`read:servicedesk.organization:jira-service-management`	View servicedesk organizations	View organizations associated with service desk.
`write:servicedesk.organization:jira-service-management`	Add organizations to service desks	Add organizations to service desks.
`delete:servicedesk.organization:jira-service-management`	Remove organizations from service desks	Remove organizations from service desks.
`read:servicedesk.customer:jira-service-management`	View servicedesk customers	View customers associated with service desks.
`write:servicedesk.customer:jira-service-management`	Add servicedesk customers	Add customers to service desks.
`delete:servicedesk.customer:jira-service-management`	Remove servicedesk customers	Remove customers from service desks.
`read:requesttype:jira-service-management`	View requesttypes	Search and view request types.
`write:requesttype:jira-service-management`	Create and update requesttypes	Create and update request types.
`read:servicedesk.property:jira-service-management`	View servicedesk properties	View service desk entity properties.
`write:servicedesk.property:jira-service-management`	Create and update servicedesk properties	Create and update service desk entity properties.
`delete:servicedesk.property:jira-service-management`	Delete servicedesk properties	Delete service desk entity properties.
`read:requesttype.property:jira-service-management`	View requesttype properties	View request type entity properties.
`write:requesttype.property:jira-service-management`	Create and update requesttype properties	Create and update request type entity properties.
`delete:requesttype.property:jira-service-management`	Delete requesttype properties	Delete request type entity properties.
`read:queue:jira-service-management`	View queues	View queues.
`read:request:jira-service-management`	View requests	Search and view requests.
`write:request:jira-service-management`	Create and update requests	Create and update requests.
`read:request.approval:jira-service-management`	View request approvals	View request approvals.
`write:request.approval:jira-service-management`	Action request approvals	Action request approvals, for example, approve, deny, and alike.
`read:request.participant:jira-service-management`	View request participants	View request participants (users).
`write:request.participant:jira-service-management`	Add request participants	Add participants (users) to requests.
`delete:request.participant:jira-service-management`	Remove request participants	Remove participants (users) from requests.
`read:request.action:jira-service-management`	View request actions	View actions that can be performed on requests.
`read:request.comment:jira-service-management`	View request comments	View request comments.
`write:request.comment:jira-service-management`	Create and update request comments	Create and update request comments.
`read:request.sla:jira-service-management`	View request SLAs	View request SLAs.
`read:request.attachment:jira-service-management`	View request attachments	View request attachments.
`write:request.attachment:jira-service-management`	Add request attachments	Add attachments to requests.
`read:request.status:jira-service-management`	View request statuses	View request status and transition information.
`write:request.status:jira-service-management`	Execute request transitions	Execute transitions on requests.
`read:request.feedback:jira-service-management`	View request feedback	View request feedback.
`write:request.feedback:jira-service-management`	Create and update request feedback	Create and update request feedback.
`delete:request.feedback:jira-service-management`	Delete request feedback	Delete request feedback.
`read:request.notification:jira-service-management`	View request notifications	View subscription status of users for requests.
`write:request.notification:jira-service-management`	Create and update request notifications	Subscribe users to requests and update subscription status.
`delete:request.notification:jira-service-management`	Remove request notifications	Unsubscribe uses from requests.
`read:knowledgebase:jira-service-management`	View knowledgebase	Search and view knowledgebase articles.

Assets scopes

Use these scopes for calling Assets endpoints.

Scope name	Title	Description
`import:import-configuration:cmdb`	Import configuration operations	Allow to read and update import structure and import data into Assets.
`read:cmdb-object:jira`	Read Assets objects	Read Assets objects, their attributes values and details.
`write:cmdb-object:jira`	Create or update Assets objects	Create or update Assets objects, their attributes values and details.
`delete:cmdb-object:jira`	Delete Assets objects	Read Assets objects.
`read:cmdb-schema:jira`	View Assets schemas	Get list of or details of individual schemas in Assets.
`write:cmdb-schema:jira`	Create or update Assets schemas	Create new schemas or update details of existing schemas in Assets.
`delete:cmdb-schema:jira`	Delete Assets schemas	Delete Assets schemas.
`read:cmdb-type:jira`	View Assets objects types	Read Assets object types and their attributes.
`write:cmdb-type:jira`	Create or update Assets object types	Create or update Assets object types and their attributes.
`delete:cmdb-type:jira`	Delete Assets object types	Delete Assets object types.
`read:cmdb-attribute:jira`	View Assets object type attributes	Get list of all Assets object type attributes for a schema or an object type.
`write:cmdb-attribute:jira`	Create or update Assets object type attributes	Create or update Assets object type attributes.
`delete:cmdb-attribute:jira`	Delete Assets object type attributes	Delete Assets object type attributes.
`read:cmdb-icon:jira`	View Assets icons	Get an Assets icon details or list of globally defined icons.