• Documentation

Permissions required for Github for Jira

From 12 September 2024, we are updating permissions to enable new Atlassian Rovo functionality, and prepare for upcoming Github OAuth changes.

These updates are optional if you only use the Github for Jira app to link Github data to Jira (like PRs, commits, and branches).

By granting the GitHub for Jira app access, you are providing the following authorizations to your GitHub and Jira accounts:

Jira permission scopes

  • Read, write, and admin access for development information: This includes branches, commits, and pull requests.

GitHub permission scopes

Repository Permissions

Permission scope

Why the app needs it

Read-only access to actions

This permission enables access to theworkflow_run webhook event, providing information including artifacts_url, check_suite_id, conclusion, head_branch, and head_sha.

Read-only access to code scanning alerts/security events

To receive Github code scanning alerts in Jira, the app needs read permissions for security events. The app will listen to code_scanning_alert webhooks and send security report details to Jira. These will appear under the "Other links" tab of the Development Panel on Jira issues.

Read-only access to deployments

To see build and deployment information in Jira, the app needs read permissions for deployments. This allows it to listen to the webhook deployment_status event which occurs when a deployment is created. Read-only deployment permissions are used for the following webhooks:

  • deployment status

Read-only access to metadata

As a mandatory requirement by GitHub, all apps have read-only metadata access by default. This is to provide access to a collection of read-only endpoints with metadata for various resources. These endpoints do not provide sensitive private repository information. Read-only metadata permissions are used for the following webhook:

  • repository

Read and write access to issues and pull requests

This permission powers Smart Commit actions and allows Jira URLs to unfurl in comments. Unfurling refers to the app detecting Jira issue keys in square brackets like [ABC-123] and replacing them with respective Jira issue links.

Issues: Read and write issue permissions are used for the following webhooks:

  • issue comment

  • issues

Pull requests: Read and write pull request permissions are used for the following webhooks:

  • pull request

  • pull request review.

Notes:

  1. The square brackets are required, without which the pull request may appear in the Jira issue's Development section, but the issue key won't be expanded to a link.

  2. For GitHub Enterprise integration (where the user owns the GitHub app) "Write" permission is optional. When not provided, the "unfurl" logic is gently skipped.

Read and write access to content (code)

Read permissions sync development information to Jira for the following webhooks:

  • commit comment

  • delete

  • push

  • workflow run

Write permissions allow branch creation from an issue's dev panel.

Note: for GitHub Enterprise integration (where the user owns the GitHub app) "Write" permission is optional. When not provided, the "Create Branch" feature will not function.

Organization permissions

Permission scope

Why the app needs it

Read-only access to members

To determine if you have admin access to a GitHub organization.

Events Our App Subscribes To

Event

When this event occurs

Code scanning alert /security events

Code Scanning alert created, fixed in branch, or closed

Commit comment

A commit comment is created

Create

A Git branch or tag is created

Delete

A Git branch or tag is deleted

Deployment status

A deployment is created

Issue comment

Activity related to an issue or pull request comment

Issues

Activity related to an issue

Pull request

Activity related to pull requests

Pull request review

Activity related to pull request reviews

Push

One or more commits are pushed to a repository branch or tag

Repository

Activity related to a repository

Workflow run

When a GitHub Actions workflow run is requested or completed

Have more questions about permissions? Check out our FAQ documentation. If you can’t find the answer you’re looking for, feel free to open an issue or contact our support team. We're here to help.




Still need help?

The Atlassian Community is here for you.