This page lists all permissions that our app requires across Jira and Microsoft Teams.
Of course, we also provide a short explanation on why our app needs these permissions.
You may also check out our Microsoft publisher attestation of the app: Publisher Attestation.
Please note: We only use data to provide app features. We try to request as little permissions as possible, but unfortunately, some permissions are too broad. We are constantly working with Atlassian and Microsoft to improve this.
Jira Cloud app
When installing the app on Jira Cloud, it will ask for the following permissions:
Read & Write Data
These are basic permissions for every app. We want to create tickets for the user so we need to read and write to Jira
Act on a user's behalf
This permission allows us to impersonate the user. This is necessary, because when fetching issue information from the system, it allows us to respect issue & project permissions easily, by having Jira take care of it. In addition, when an issue is created, the author should be the user itself, not the Teams app - impersonation makes this possible.
Administer the host application, Administer Jira projects
This broad administrative permission is unfortunately required from a security perspective. To restrict editing app settings to Jira administrators, we need to determine if the user is actually an administrator - to get this information, the Atlassian APIs require itself administrative permissions. There is a bug open here: https://ecosystem.atlassian.net/browse/ACJIRA-2177
If you would like to know more, please get in touch!
Teams app / Microsoft account
The Teams app is divided into two parts, some permissions come from the Teams app itself, other permissions will be granted by every user (delegated).
Delegated Permissions
Delegated permissions are granted when a single user logs in from Jira with their own account.
Sign in and read user profile
Basic permission to be able to log the user in.
Maintain access to data you have given it access to
This permission is required, so we don’t need to have the user login again every day.
Read and write user chat messages
This permission is used to view and post new chat messages from Jira.
Read the names and descriptions of channels
This permission is used to show a list of the users own channels in Jira
Read the names and descriptions of teams
This permission is used (in combination with the one above) to determine the teams and channels of the user, to allow them to be picked.
Send channel messages
This permission is used to send channel messages on behalf of the user from Jira.
Read all users' basic profiles
This permission is required to look up users in AzureAD. This is necessary to provide user lookups (e.g. @-mentions) from Jira.
Teams app permissions
The Teams app permissions are granted when installing the bot/app in Microsoft Teams. Even though the list below looks fairly long, most of the permissions are quite basic and the same for all apps that include a bot.
Please note: Permissions like “Read messages in a Team” only apply to the team where the app/bot is installed in. Thus, if you have a team with confidential data you don’t want to expose to Jira, the app won’t have access, even if it’s installed in other teams.
Receive messages and data that I provide to it
Basic bot permission. If you @-mention the bot, we will receive this message.
Send me messages and notifications
Basic bot permission. Allows the bot to send messages to a user (currently only the welcome message).
Access my profile information such as my name, email address, company name, and preferred language
Basic bot permission. Used to send personalized messages (e.g. Hi <first name>)
Receive messages and data that team members provide to it in a channel
Basic bot permission. If you @-mention the bot in a channel, we will receive that message.
Send messages and notifications in a channel
Basic bot permission. Allows the bot to proactively post in a channel.
Access this team's information such as team name, channel list and roster (including team member's names and email addresses) - and use this to contact them
Allows the bot to check team/channel membership of users. We use this to secure access to certain APIs.
Read this team's settings
Basic permission to read teams settings (e.g. notification preferences).
Read the names, descriptions, and settings of this team’s channels
Same as the delegated permission above, allows the bot to retrieve a list of channels where it is installed in. This is used to provide user guidance in Jira.
Read messages in this team
Allows the bot to read messages from this team. Used for features like “Create issue” to default the message text.
Read this group's members
Same as access the teams “roster”, used to looking up team membership.
Maintain access to the team’s data
