Last updated Nov 8, 2023

Access scopes

The app migration platform allows server apps to export data to cloud, and access Jira and Confluence mappings. Server apps need to declare access scopes so that admin users can consent to it in the user interface of the Jira or Confluence Cloud Migration Assistants.

About access scopes

Depending on the access scopes that your server app declares, the app migration platform will restrict access to the following capabilities:

Server app data export to the Atlassian secure cloud storage
Cloud app access to the data in the Atlassian secure cloud storage
Server and cloud app access to user mappings
Server and cloud app access to product mappings (Jira and Confluence mappings)

Available access scopes

Migration tracing

Migration tracing scopes allow your server app to declare the types of mappings that your server and/or cloud app will access. Depending on the access scopes your server app declares, the app migration platform grants access to the corresponding mapping namespaces as follows:

Scope	Mappings access
`MIGRATION_TRACING_IDENTITY`	Access to the `identity:*` mapping namespace.
`MIGRATION_TRACING_PRODUCT`	Access to `jira` and `confluence` mapping namespaces.

Product data and app data

Product data and app data scopes allow your server app to declare the type of data that the app migration platform exports from the server instance to the Atlassian secure cloud storage. It also determines whether your cloud app will have access to the exported data.

Declare these scopes thoroughly to inform admin users of what data will be exported by your server app from their server instance.

Scope	Data exported
`PRODUCT_DATA_UGC`	User generated content stored by the Atlassian product.
`PRODUCT_DATA_PII`	Personally identifiable information (e.g. usernames, emails, address, etc.) stored by the Atlassian product.
`PRODUCT_DATA_SECURITY`	Passwords, tokens, secrets etc. Both open or hashed. Stored by the Atlassian product.
`PRODUCT_DATA_OTHER`	Atlassian product data that doesn’t fall under any of the above classifications.
`APP_DATA_UGC`	User generated content stored by the app.
`APP_DATA_PII`	Personally identifiable information (e.g. usernames, emails, address, etc.) stored by the app.
`APP_DATA_SECURITY`	Passwords, tokens, secrets etc. Both open or hashed. Stored by the app.
`APP_DATA_OTHER`	App data that doesn’t fall under any of the above classifications.

Declare your access scopes

When implementing the listener, you must also implement the getDataAccessScopes method to declare the scopes that your app requires.

See an example

The example that follows uses the getDataAccessScopes method to declare the scopes that the server and cloud app needs to access.

1
2
@Override
public Set<AccessScope> getDataAccessScopes() {
    return Stream.of(AccessScope.APP_DATA_OTHER, AccessScope.PRODUCT_DATA_OTHER)
        .collect(Collectors.toCollection(HashSet::new));
}