How SharePoint Permissions Are Automatically Respected in Jira - Governance Without Extra Work
This article reflects real governance questions we hear from Jira admins, IT teams, and security officers.
Connecting SharePoint to Jira creates immediate productivity gains, files attached to work items/issues, folders linked to spaces/projects, context in one place. But before you roll it out, one question deserves a careful answer: what happens to SharePoint permissions when files are accessed from inside Jira?
Some integrations take the easy route: they use a single shared account to access all files, meaning anyone in Jira can potentially view SharePoint content they wouldn't normally have access to. That might be fine for general-purpose content. For anything sensitive, such as contracts, HR documents, financial files, and client data, it creates a governance gap that's hard to explain to an auditor.
SharePoint Connector for Jira by ikuTeam gives admins a clear choice, and the most governance-appropriate mode requires a single toggle to enable.
Understanding the Two Permission Modes for Your Jira SharePoint Integration
Mode 1 - Mirror Storage Permissions: OFF (default)
In this mode, once a project admin connects a SharePoint folder to Jira, any Jira user with access to that project can view the connected files, regardless of their SharePoint permissions. The connector operates using the credentials of the person who connected the folder.
This works well for teams where SharePoint access is broadly granted, or where connected folders contain non-sensitive content like templates, public assets, or shared documentation. However, because all file activity runs through the connecting user's credentials, SharePoint audit logs will attribute all actions to that account. We strongly recommend using a dedicated service account to connect folders in this mode, so your audit trail remains clean and clearly attributed to the app rather than an individual.
Mode 2 - Mirror Storage Permissions: ON (individual access)
In this mode, the connector enforces SharePoint's native security model at the individual user level. Each Jira user authenticates with their own Microsoft 365 account. What they can see and do with files in Jira is determined entirely by their own SharePoint permissions.
-
A user with read access in SharePoint can preview files attached to Jira issues
-
A user with edit access in SharePoint can open and edit files directly from the issue panel
-
A user with no SharePoint access to a file cannot see it in Jira, even if the issue itself is visible to them
Think of it as a double lock: a user must pass both their Jira project permissions and their SharePoint permissions to interact with a file. The more restrictive permission always wins.
This is not a permission sync or a stored copy. It is the same Microsoft Graph API check SharePoint performs natively, evaluated in real time, every time a user accesses a file.
How to Configure Permissions for Your SharePoint Jira Integration
This is a Jira admin setting, configured once for the entire instance:
-
Go to Jira Settings
-
Navigate to Apps → SharePoint Connector
-
Open the Admin Settings panel
-
Toggle on Mirror Storage Permissions
The change saves and applies immediately across all Jira projects using the connector.
No project-level configuration required. No manual permission mapping. One toggle, and individual SharePoint access control is enforced instance-wide.
What Users Experience
With Mirror Storage Permissions enabled, users are prompted to sign in with their Microsoft 365 account the first time they access a SharePoint file or folder from a Jira issue. Their credentials are securely stored within the Atlassian platform, they won't be asked again.
After that initial sign-in, the experience is transparent. Files that they have access to via SharePoint appear normally in the work item/issue panel. Files they don't have access to simply aren't accessible, no workarounds, no error-prone edge cases. Jira becomes a window into the right SharePoint content for each user, bounded by exactly the permissions they already have in Microsoft 365.
What This Means for Governance and Compliance
Files never leave SharePoint. The connector never copies file data into Jira or Atlassian infrastructure. Your SharePoint governance policies cover the files wherever they're accessed from.
Permissions are always current. Revoke a user's SharePoint access, and that change is reflected in Jira immediately, no cached copies, no delayed propagation.
Audit logs are accurate and individually attributed. With Mirror Storage Permissions ON, SharePoint logs record which specific user viewed or edited each file from Jira. This directly supports audit requirements under ISO 27001, GDPR, SOC 2, and similar frameworks, and it means your compliance records reflect reality, not a service account acting on behalf of everyone.
Access management stays in one place. Grant or revoke SharePoint access, and Jira automatically reflects it. No parallel permission management, no admin overhead on the Atlassian side, no risk of the two systems falling out of sync.
Try It Free
SharePoint Connector for Jira is available on the Atlassian Marketplace with a free trial. Mirror Storage Permissions is available on all plans.
Are you managing SharePoint and Jira in a regulated or compliance-sensitive environment? Would love to hear how your team handles access control across tools. Drop a comment below.
Was this helpful?
Thanks!
Bibek_ikuTeam_
0 comments