App access rule coverage summary for Jira Cloud

Using app access rules, customers can customize and extend Jira, and Jira Service Management while maintaining control over app access to certain content in specific spaces.

This page should be read along with App access rule coverage summary | Atlassian Support, which provides an overview of the types of apps and content that is blocked or not blocked by an app access rule.

The sections below provide a summary of app functionality that is blocked and not blocked by an app access rule for the following Jira products:

• Jira - See Jira Cloud and Jira. Previous users of the ProForma Marketplace app who currently use forms, also see Forms.

• Jira Service Management - See Jira Cloud, Jira Service Management, and Forms.

Jira Cloud

You can create an app access rule to limit an app’s ability to access and modify certain data in a Jira project—particularly user-generated content.

Apps blocked by an app access rule may still take other actions that do not directly interact with user-generated content, such as changing the look and feel of Jira. Global admin permissions may still be required to run certain apps. For example, if a Jira user does not have admin permissions, they can’t use an app to perform administrative functions like adding users.

While they may indirectly impact issue data, shared configuration, including things like workflows, permission schemes, and issue security schemes, are not blocked by app access rule.

To view a detailed list of the app functionality that is blocked or still allowed (not blocked) when an access rule applies, see App Access for Jira Cloud REST APIs.

Jira app actions blocked by the app access rule

The following commonly-used Jira functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs.

Projects

• reading project issue security levels or unresolved issue count

• deleting a project

Board

• creating or deleting a board

• getting lists of board-related data items, including boards, board versions, sprints, epics, issues, issues belonging to a sprint, issues that belong to an epic

• moving issues within a board, or between board and backlog

Issues

• creating, reading, updating, or deleting issues

• assigning, transitioning, or exporting issues

• archiving or unarchiving issues, or interacting with archived issues

• creating, reading, updating, or deleting any of the following issue-related items

  • attachments

  • comments and comment properties

  • custom field configuration, options, and field values (apps)

  • fields (see below for certain exceptions regarding custom fields)

  • links, properties, remote links, votes, and watchers

  • Issue search

  • worklog properties

  • worklogsFilters

Jira expressions and JQL

• evaluating an expression

• sanitising or parsing JQL

• returning autocomplete suggestions by JQL

Labels

• reading labels

Permissions

• reading the permissions of a user

Sprints

• creating, reading, updating, or deleting a sprint

• returning a list of issues in a sprint

• moving issues into a sprint

• reading or updating properties for a sprint

User search

• finding users with specific permissions

• finding users by query, such as returning a list of all users who are reporters of issues in project PROJ, or who have commented on any of the specified issues

• finding users that can be assigned to a specific project or issue

Jira app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs.

Announcement banner

• reading or updating the announcement banner configuration

Application roles

• reading application roles

Audit records

• reading audit records

Avatars

• reading or deleting system avatars

• reading avatar images

Dashboards

• creating, reading, updating, or deleting dashboards and dashboard item properties

• adding, reading, updating, or removing gadgets from dashboards

• searching for dashboards

• copying dashboards

Filters

• reading or setting the default share scope for filters and dashboards, for a user

• reading or deleting filters

Groups

• creating, reading, or deleting groups

• finding groups and their users

• adding, removing, and reading users in groups

Issues and issue-related schemes

• Issue custom fields

  • creating, reading, updating, or deleting issue custom field contexts

  • adding, removing or reading default values, issue types, project mappings from custom field contexts

  • creating, reading, updating, deleting, or reordering custom field options

• Issue field configurations

  • creating, reading, updating, or deleting field configurations and field configuration schemes

  • adding, removing, or reading issue types to/from field configurations

  • assigning a field configuration scheme to projects

• Issue fields

  • returning a list of fields and their properties such as whether they can be used for sorting or issue navigation

  • creating, updating, or deleting custom fields

  • moving a custom field to trash, or restore it from trash

• Issue link types

  • creating, reading, updating, or deleting issue link types

• Issue navigator settings

  • setting or reading issue navigator settings

• Issue notification schemes

  • creating, reading, updating, or deleting notification schemes

  • adding or removing notifications from a notification scheme

  • returning a list of projects using a notification scheme

• Issue priorities

  • creating, reading, updating, deleting, or searching priorities

  • moving priorities

• Issue resolutions

  • creating, reading, updating, deleting, or searching issue resolutions

  • moving issue resolutions

• Issue security schemes and levels

  • creating, reading, updating, deleting, or searching issue security schemes

  • associating issue security schemes with projects

  • reading issue security schemes associated with projects

  • adding, reading, or updating issue security levels

  • adding, reading, or removing members to/from issue security levels

• returning a list of users who are watching an issue

• listing IDs of deleted worklogs

• returning all issue events

• creating, reading, updating, or deleting UI modifications that customize the appearance and behavior of specified fields on issue create and issue view pages for a specified issue type or project ID

Issue types and issue type schemes

• creating, reading, updating, or deleting issue types

• storing images to be used as issue type avatars

• Issue type properties

  • reading, updating, or deleting issue type properties

• Issue type schemes

  • creating, reading, updating, or deleting issue type schemes

  • adding or removing issue types from issue type schemes

  • reading issue type scheme items

  • assigning an issue type scheme to a project

• Issue type screen schemes

  • creating, reading, updating, or deleting issue type screen schemes

  • adding or removing mappings to issue type screen schemes

  • assigning issue type screen schemes to projects

Jira expressions

• analyzing Jira programmatic expressions that are used by some apps to access Jira objects, and returning information about the expression’s validity and complexity

Jira settings

• reading or updating application properties

• reading global settings, such as which Jira features are enabled

• reading Jira attachment settings

JQL

• returning JQL reference documentation for fields

• reading or updating precomputed values used in JQL searches

• converting user identifiers to account IDs in JQL queries

License metrics

• reading details of the license, including the list of applications such as Jiraincluded in the license

• reading licensed user counts

Local user (myself)

• reading current user or locale

• reading, updating, or deleting user preferences

Permissions

• reading global and project permissions

• returning a list of projects that the specified user has permission to

• creating, reading, updating, or deleting permission schemes

• creating, reading, or deleting permission scheme grants

Projects

• creating, archiving, or restoring a project

• updating project details

• reading statuses for a project

• reading project notification scheme

• Project avatars

  • creating, reading, updating, or deleting project avatars

• Project categories

  • creating, reading, updating, or deleting project categories

• Project components

  • creating, reading, and updating project components

• Project email

  • reading or setting the project’s sender email

• Project features

  • creating or reading project features

• Project issue security levels

  • setting issue security levels for the project

• Project key and name validation

  • reading a project name or key

  • validating a project key

• Project permission schemes

  • assigning a permission scheme to project

  • reading the permission scheme assigned to project

• Project properties

  • setting, reading, or deleting project properties

  • reading a list of property keys

• Project role actors

  • adding, reading, and deleting actors or default actors to/from a project role

• Project roles

  • creating, reading, updating, or deleting project roles

• Project types

  • reading project types

• Project versions

  • creating, reading, or moving project version

  • creating, reading, updating, or deleting related work

Screens, screen schemes, and screen tabs

• creating, reading, updating, or deleting:

  • screens

  • screen schemes

  • screen tabs

• reading, moving, adding, or removing fields from screen tabs

• moving the position of a screen tab in the list of tabs

Server info

• reading Jira instance info such as the site’s URL, version, and timezone

Status

• creating, reading, updating, deleting, or searching the statuses that can be applied to issues

Tasks

• reading the status of a long-running task or cancelling a task

Time tracking

• reading or selecting the app used as the time tracking provider

• updating time tracking settings such as working hours per week or default time format

User management

• creating, reading, updating, or deleting users

• reading, setting, and resetting the default “issue view” columns for a user

• performing the following actions related to user properties

  • reading, setting, or deleting user properties

  • listing the defined user property keys

• searching for users

Webhooks

• registering and deleting types of webhooks

• listing the webhooks registered by the app

Workflows and workflow schemes

• creating, reading, updating, or deleting workflows

• validating workflows

• performing the following actions on workflow schemes

  • creating, reading, updating, or deleting workflow schemes or draft workflow schemes

  • reading and updating the associations between issue types and workflows in a workflow scheme or draft workflow scheme

  • publishing a draft workflow scheme

  • creating, reading, updating, or deleting the draft default workflow

  • assigning a workflow scheme to a project

  • reading workflow schemes assigned to the specified project

• reading workflow statuses and status categories

• creating, reading, updating, or deleting workflow transition properties

• reading, updating, or deleting workflow transition rules

Jira Service Management

Jira Service Management app actions blocked by the app access rule

The following commonly-used Jira Service Management functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs.

Organisation

• adding, returning, or removing organisations to/from a service desk

Request

• creating customer requests

• subscribing or unsubscribing to or from a request

• adding, reading, or removing participants to or from a request

• posting, reading, or deleting feedback to or from a customer request

• performing or reading customer transitions

• reading or answering approvals

• creating or reading attachments

• returning comments, comment attachments, request types, SLA information or subscription status

Service desk

• creating, reading, or deleting request types

• adding, reading, or removing customers to or from a service desk

• returning service desk details, request types, queues, issues in a queue, or details of a request type property

Jira Service Management app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira Service Management functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs.

Assets

• returning assets workspaces

Customer

• creating a customer

Information

• returning information about Jira Service Management, such as version, builds etc

• returning knowledgebase articles

Organisation

• creating, returning, or deleting organisations

• adding, returning, or removing users to or from organisations

• setting, returning, or deleting properties of organisations

Servicedesk

• setting or deleting properties of servicedesks

• returning service desks a user has access to

Jira

Jira app actions blocked by the app access rule

The following commonly-used Jira functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs.

Board

• moving issues to and from a board

• listing issues associated with a board

Epic

• listing issues in an epic

• listing issues without an epic

• moving issues to or from an epic

Issue

• reading issues or their estimations

• estimating and ranking issues

Sprint

• deleting a sprint

• getting issues for a sprint

• reading a sprint property

Jira app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs.

Board

• listing boards that use the specified data filter

• listing property keys (names) defined for the specified board

• creating, reading, updating, or removing boards

• listing boards

• setting, reading, or deleting a board property

• toggling features

• listing sprints, versions, projects, or epics, associated with a board

• returning the filters, configuration, properties, and reports for a board

Epic

• reading an epic

• moving issues to or from an epic

• listing issues in an epic

• ranking epics according to their importance

• searching epics

Sprint

• updating a sprint, including closing an active sprint

• listing property keys (names) defined for the specified sprint

• creating, reading, or deleting a sprint

• setting or deleting sprint properties

• reordering sprint positions on a board

Development information

• getting and deleting a repository

• storing development information so that it can be accessed by Jira

• deleting development information

• checking if data exists for specified development information properties

Feature flags

• getting, setting, and deleting feature flags

Deployments

• storing deployment data so that it can be accessed by Jira

• getting and deleting deployment data

Builds

• storing build data so that it can be accessed by Jira

• getting and deleting build data

Remote links

• storing remote link data so that it can be accessed by Jira

• getting and deleting remote link data

Security information

• storing security workspace and vulnerability data so that it can be accessed by Jira

• getting and deleting linked security workspaces and vulnerability data

Operations

• storing operations workspace data so that it can be accessed by Jira

• getting and deleting operations workspace data

• storing incident or review data so that it can be accessed by Jira

• getting and deleting incident or review data

DevOps components

• storing DevOps components so that they can be associated with projects in Jira

• getting and deleting DevOps components

Forms

Forms are available to all Jira Service Management customers.

Forms can also be used by Jira Cloud customers who previously used the ProForma Marketplace app.

Forms app actions blocked by the app access rule

The following commonly-used Forms functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs.

Issue forms (internal forms)

• creating, reading, updating, or deleting a form for an issue

• getting a list of forms associated with an issue

• submitting, reopening or copying a form for an issue

• reading form attachments or Jira data linked to a form for an issue

• transforming form data into PDF, XLSX, or flat list format

• changing the form’s visibility in the customer portal

• exporting form data for a project

Customer request forms

• reading a form for a customer request

• getting a list of forms associated with a customer request

• saving form answers or submitting a form for a request

• transforming form data into PDF, XLSX, or flat list format

• reading form attachments or Jira data linked to a form for a customer request

Forms app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs.

Servicedesk (portal) forms

• read a servicedesk form template

• read external form data for a servicedesk form template

Form template management

• creating, reading, updating, or deleting a form template for a project

• getting a list of forms for a project
  
  

Related links:

• App access rule coverage summary

• App Access for Jira Cloud REST APIs