Skip to main content
Skip table of contents

Teams: Privacy & permissions

This page lists all permissions that our app requires across Jira and Microsoft Teams. A short explanation why we need the permission is also given.

We only use the data to provide app features. We try to request as little permissions as possible, but unfortunately, some permissions are too broad. We are constantly working with Atlassian and Microsoft to improve this.

You may also check out our Microsoft publisher attestation of the app: Publisher Attestation

Jira Cloud app

When installing the app on Jira Cloud, it will ask for the following permissions:

Read & Write Data

These are basic permissions for every app. We want to create tickets for the user so we need to read and write to Jira

Act on a user's behalf

This permission allows us to impersonate the user. This is necessary, because when fetching issue information from the system, it allows us to respect issue & project permissions easily, by having Jira take care of it. In addition, when an issue is created, the author should be the user itself, not the Teams app - impersonation makes this possible.

Administer the host application, Administer Jira projects

This general administrative permission is unfortunately required from a security perspective. To restrict editing app settings to Jira administrators, we need to determine if the user is actually an administrator - to get this information, the Atlassian APIs require itself administrative permissions.

If you would like to know more, please get in touch!

Teams app / Microsoft account

The Teams app is divided into two parts, some permissions come from the Teams app itself, other permissions will be granted by every user (delegated).

Delegated Permissions

Delegated permissions are granted when a single user logs in from Jira with their own account.

Sign in and read user profile

Basic permission to be able to log the user in.

Maintain access to data you have given it access to

This permission is required, so we don’t need to have the user login again every day.

Read and write user chat messages

This permission is used to view and post new chat messages from Jira.

Read the names and descriptions of channels

This permission is used to show a list of the users own channels in Jira

Read the names and descriptions of teams

This permission is used (in combination with the one above) to determine the teams and channels of the user, to allow them to be picked.

Send channel messages

This permission is used to send channel messages on behalf of the user from Jira.

Read all users' basic profiles

This permission is required to look up users in AzureAD. This is necessary to provide user lookups (e.g. @-mentions) from Jira.

Teams app permissions

The Teams app permissions are granted when installing the bot/app in Microsoft Teams. Even though the list below looks fairly long, though most of the permissions are quite basic and the same for all apps that include a bot.

Please note, that permissions like “Read messages in a Team” only apply to the team the app/bot is installed in. Therefore, you have a team with confidential data you don’t want to expose to Jira, the app won’t have access, even if it’s installed in other teams.

Receive messages and data that I provide to it

Basic bot permission. If you @-mention the bot, we will receive this message.

Send me messages and notifications

Basic bot permission. Allows the bot to send messages to a user (currently only the welcome message).

Access my profile information such as my name, email address, company name, and preferred language

Basic bot permission. Used to send personalized messages (e.g. Hi <first name>)

Receive messages and data that team members provide to it in a channel

Basic bot permission. If you @-mention the bot in a channel, we will receive that message.

Send messages and notifications in a channel

Basic bot permission. Allows the bot to proactively post in a channel.

Access this team's information such as team name, channel list and roster (including team member's names and email addresses) - and use this to contact them​

Allows the bot to check team/channel membership of users. We use this to secure access to certain APIs.

Read this team's settings

Basic permission to read teams settings (e.g. notification preferences).

Read the names, descriptions, and settings of this team’s channels

Same as the delegated permission above, allows the bot to retrieve a list of channels where it is installed in. This is used to provide user guidance in Jira.

Read messages in this team

Allows the bot to read messages from this team. Used for features like “Create issue” to default the message text.

Read this group's members

Same as access the teams “roster”, used to looking up team membership.

Maintain access to the team’s data

Basic bot permission.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.