Teamwork Graph tools return "read_teamwork_graph not authorized" after admin grants the permission (

Hi team,

I'm using the new API token authentication for the Atlassian Remote MCP Server (announced here: https://community.atlassian.com/forums/Atlassian-Remote-MCP-Server/Announcing-authentication-via-API-token-for-Atlassian-Rovo-MCP/ba-p/3197014).

Jira and Confluence tools work correctly with the token. However, both Teamwork Graph tools — getTeamworkGraphContext and getTeamworkGraphObject — consistently fail with:

Access denied: Your organization admin has not authorized the read_teamwork_graph permission.

Configurations already performed by our org admin

1. Authorized the Atlassian Remote MCP Server at the org level from admin.atlassian.com.
2. Enabled the read_teamwork_graph permission for the MCP Server.
3. Confirmed the Bitbucket ↔ Atlassian product integration is active for our workspace.
4. My user has access to both the Atlassian org and the Bitbucket workspace (I can browse the target PR in the Bitbucket UI without issues).

Despite all of the above, the Teamwork Graph tools still return the read_teamwork_graph not authorized error.

Questions

1. After an admin grants read_teamwork_graph, does the user need to re-issue the API token for the new scope to take effect?
2. Is there a separate per-product authorization required beyond the org-level Teamwork Graph permission?
3. Is there any propagation delay after enabling the permission? If so, what's the expected window?
4. Is there a way to inspect the effective permissions of the current API token to debug this?

Environment

- Auth: API token (Bearer) per the new flow
- MCP server: Atlassian Remote MCP
- Tools failing: getTeamworkGraphContext, getTeamworkGraphObject
- Tools working: all Jira and Confluence tools

Additional troubleshooting
▎
▎ I tested four variants through the Rovo MCP — all return the exact same error message:
▎
▎ 1. getTeamworkGraphContext with objectType: "ExternalPullRequest" and a Bitbucket PR URL.
▎ 2. getTeamworkGraphContext with objectType: "ExternalRepository" and a Bitbucket repo URL.
▎ 3. getTeamworkGraphContext starting from a JiraWorkItem with targetObjectTypes: ["ExternalPullRequest"] — note that this one starts from a Jira object, not Bitbucket.
▎ 4. getTeamworkGraphObject passing the Bitbucket URL directly.
▎
▎ All four fail with the identical read_teamwork_graph not authorized error, which suggests the permission gate is enforced before any object resolution and is independent of the Bitbucket integration itself.

Thanks in advance.