Jira Cloud app
When installing the app on Jira Cloud, it will ask for five authorizations
These are basic permissions for every app. The app creates tickets, add comments, add properties etc.
Some modifications require delete permissions.
This permission allows the app to impersonate the user. This is necessary when fetching issue information from the system. It easily allows to respect issue & project permissions, by having Jira taking care of it. In addition, when an issue is created, the author should be the user itself, not the app - impersonation makes this possible.
This general administrative permission is required for some specific checks and to read some central configurations. At this point we do not modify any admin settings.
At many occasions the app matches the Jira user with the Microsoft account. This requires the email address of the Jira users that requires an additional permission.
Jira Datacenter does not know the concept of scopes. The app always has full access.
Additionally, the app requires an OAuth1.0a login for each user that grants the same permissions as the user.
Delegated permissions for Microsoft graph are granted, when a single user logs themselves in from Jira with their own account. The app will not request all permissions at once, but only the ones necessary for the feature.
E.g. when working with Microsoft Teams, it will request chat & channel specific permissions. When using the meetings feature, it will request calendar specific permissions.
Basic permission to be able to log the user in.
This permission is required, so the user does not need to login again every day.
This permission is required to look up users in AzureAD. This is necessary to provide user lookups (e.g. @-mentions) from Jira.
Used to get Microsoft-related settings like timezones, working hours etc.
This permission is used to view and post new chat messages from Jira.
This permission is used to show a list of the users own (Microsoft Teams) channels in Jira.
This permission is used (in combination with the one above) to determine the teams and channels of the user, to allow them to be picked.
This permission is used to send (MS Teams) channel messages on behalf of the user from Jira.
Used to determine the app id of the app within the AppCatalog. (Is always different for the JSM customer app)
Automatically adding the Teams bot to the chat to have access to features like (bot) notifications.
Used to create a tab for the Jira issue in a Teams chat.
Used to receive/get and display emails for the user and shared mailboxes.
Used to send emails for the user and shared mailboxes the user has access to.
Calendar & meetings
This permission is used to display calendars and to add events.
Depending on the use case, the app might also need access to shared calendars.
Allows us to create MS Teams join-url's and dial-in data for created meetings.
Used for the To Do sync (Jira <> To Do).
The Teams app permissions are granted when installing the bot/app in Microsoft Teams.
Even though the list below looks fairly long, most of the permissions are quite basic and the same for all apps that include a bot.
Please note, that permissions like “Read messages in a Team” only apply to the team the app/bot is installed in. Therefore, you have a team with confidential data you don’t want to expose to Jira, the app won’t have access, even if it’s installed in other teams.
Basic bot permission. If you @-mention the bot, we will receive this message.
Basic bot permission. Allows the bot to send messages to a user (currently only the welcome message).
Basic bot permission. Used to send personalized messages (e.g. Hi <first name>)
Basic bot permission. If you @-mention the bot in a channel, we will receive that message.
Basic bot permission. Allows the bot to proactively post in a channel.
Allows the bot to check team/channel membership of users. We use this to secure access to certain APIs.
Basic permission to read teams settings (e.g. notification preferences).
Same as the delegated permission above, allows the bot to retrieve a list of channels where it is installed in. This is used to provide user guidance in Jira.
Allows the bot to read messages from this team. Used for features like “Create issue” to default the message text.
Same as access the teams “roster”, used to looking up team membership.
Basic bot permission.
All admin permissions are optional and add more features if granted.
If granted by the admin, the meeting room picker offers better results.
Modern Office add-in
Installing the app via the Microsoft Office store (AppSource) will require access to your mailbox.
This is necessary because we don’t only work with the current email, but also show related issues based on the whole email conversation.
⚠️ We only use the data to provide the app features.
⚠️ We only access them when using the add-in and we never store your personal data on an external server (except for Jira itself).