Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Read-only scopes in MCP server

Sivanesh Logandurai
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 4, 2025

How do I have only read-only scopes for the MCP server, and restrict it from doing any write operations?

I have tried with adding scopes in my mcp.json using env variables and arguments, but they did not work.

"atlassian": {
"command": "npx",
"args": [
"-y",
"mcp-remote@0.1.0",
"https://mcp.atlassian.com/v1/sse",
"--static-oauth-client-metadata","{\"scope\":\"read:jira-work read:jira-user\"}"
],
}
"atlassian": {
"command": "npx",
"args": [
"-y",
"mcp-remote@0.1.0",
"https://mcp.atlassian.com/v1/sse"
],
"env": {
"ATLASSIAN_SCOPES": "read:field:jira read:project:jira read:jira-user read:avatar:jira"
}
},

Whatever scope I add here the MCP server still expose the write operation related tools. 
• addCommentToJiraIssue
• createJiraIssue
• editJiraIssue
• transitionJiraIssue

Is there a different approach to do this? How are the scopes provided to the MCP server in the oauth flow?

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events