Last updated Oct 22, 2019

Scopes

Scopes allow an app to request a particular level of access to an Atlassian product.

  • Within a particular product instance, an administrator may further limit app actions, allowing administrators to safely install apps they otherwise would not.
  • Scopes may permit access to beta or non-public APIs that are later changed in or removed from the Atlassian product. Including an API endpoint in a scope does not imply that the product makes this endpoint public. Read the Jira Cloud platform REST API documentation for details.

Scopes for Atlassian Connect apps

If you are building an Atlassian Connect app for Jira, use the following scopes:

| Scope name | Description |
| --- | --- |
| NONE | Access app-defined data. This scope does not need to be declared in the descriptor. |
| READ | View, browse, and read information from Jira. |
| WRITE | Create or edit content in Jira, but not delete content. |
| DELETE | Delete content in Jira. |
| PROJECT_ADMIN | Administer a project in Jira. |
| ADMIN | Administer the Jira site. |
| ACT_AS_USER | Enact services on a user's behalf. |
| ACCESS_EMAIL_ADDRESSES | Get the email addresses of users. |

Scopes are declared as a top-level attribute of the atlassian-connect.json app descriptor, as in this example:

{
    "baseUrl": "http://my-app.com",
    "key": "atlassian-connect-app",
    "scopes": [
        "read", "write"
    ],
    "modules": {}
}
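
A descriptor check built on the table and example above, as an added example that is not Atlassian's code: it compares declared scopes case-insensitively against the scope names listed on this page (the table uses upper case, the descriptor example lower case) and flags elevated scopes for review. The function name `audit_scopes`, the `REVIEW_SCOPES` policy set and the second sample descriptor are assumptions made for illustration.

```python
import json

# Connect scope names as listed in the table on this page.
KNOWN_SCOPES = {"NONE", "READ", "WRITE", "DELETE", "PROJECT_ADMIN",
                "ADMIN", "ACT_AS_USER", "ACCESS_EMAIL_ADDRESSES"}
# Assumption: a local review policy, not an Atlassian rule.
REVIEW_SCOPES = {"DELETE", "PROJECT_ADMIN", "ADMIN", "ACT_AS_USER",
                 "ACCESS_EMAIL_ADDRESSES"}


def audit_scopes(descriptor_text):
    """Return (normalized_scopes, findings) for a descriptor JSON string."""
    descriptor = json.loads(descriptor_text)
    declared = descriptor.get("scopes", [])
    findings = []
    if not isinstance(declared, list):
        return [], ["'scopes' must be a JSON array of strings"]
    normalized = []
    for entry in declared:
        if not isinstance(entry, str):
            findings.append(f"non-string scope entry: {entry!r}")
            continue
        name = entry.strip().upper()
        if name not in KNOWN_SCOPES:
            findings.append(f"unknown scope: {entry!r}")
        elif name in normalized:
            findings.append(f"duplicate scope: {name}")
        else:
            normalized.append(name)
    if "NONE" in normalized:
        findings.append("NONE does not need to be declared")
    for name in normalized:
        if name in REVIEW_SCOPES:
            findings.append(f"elevated scope needs justification: {name}")
    return normalized, findings


# The page's own descriptor, then a constructed one ("EXPORT" is a made-up name).
PAGE_EXAMPLE = ('{"baseUrl": "http://my-app.com", "key": "atlassian-connect-app",'
                ' "scopes": ["read", "write"], "modules": {}}')
BROAD_EXAMPLE = ('{"key": "example-app",'
                 ' "scopes": ["READ", "admin", "act_as_user", "read", "EXPORT"]}')

if __name__ == "__main__":
    for text in (PAGE_EXAMPLE, BROAD_EXAMPLE):
        scopes, findings = audit_scopes(text)
        print(scopes, findings)
```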

OAuth 2.0 authorization code-only scopes

If your app uses OAuth 2.0 authorization code grants (3LO) for authorization, use the following scopes:

| Scope name | Summary | Description |
| --- | --- | --- |
| read:jira-user | View user profiles | View user information in Jira that the user has access to, including usernames, email addresses, and avatars. |
| read:jira-work | View Jira issue data | Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs. |
| write:jira-work | Create and manage issues | Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues. |
| manage:jira-project | Manage project settings | Create and edit project settings and create new project-level objects (for example, versions and components). |
| manage:jira-configuration | Manage Jira global settings | Take Jira administration actions (for example, create projects and custom fields, view workflows, and manage issue link types). |

Note that the summary of a scope is displayed to the user on the consent screen during the authorization flow.

OAuth 2.0 authorization code-only scopes for Jira Service Desk

The following OAuth 2.0 authorization code grants (3LO) scopes only apply to Jira Service Desk:

| Scope name | Summary | Description |
| --- | --- | --- |
| read:servicedesk-request | View Jira Service Desk request data | Read customer request data, including approvals, attachments, comments, request participants, and status/transitions. Read service desk and request types, including searching for request types and reading request type fields, properties and groups. |
| write:servicedesk-request | Create and manage Jira Service Desk requests | Create and edit customer requests, including add comments and attachments, approve, share (add request participants), subscribe, and transition. |
| manage:servicedesk-customer | Manage Jira Service Desk customers and organizations | Create, manage and delete customers and organizations. Add and remove customers and organizations from service desks. |