Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 
  • Community
  • Q&A
  • Rovo
  • Questions
  • Rovo MCP — all Confluence tools return 401 "scope does not match" despite all read/search scopes

Rovo MCP — all Confluence tools return 401 "scope does not match" despite all read/search scopes

dakota
July 2, 2026

We are using the Atlassian Rovo MCP integration and have enabled all available read and search scopes in the Rovo MCP settings UI. Despite this, every Confluence tool call fails at runtime. It was working previously but suddenly has stopped and we're not sure why.

What works

- getAccessibleAtlassianResources — returns our site correctly, with cloud ID 8f2d4697-... and site URL creativeforce.atlassian.net

However, the response only lists two scopes on the token:

- read:confluence:agent-interface
- search:confluence:agent-interface

What fails — all with the same error

Every other Confluence tool returns:

Authentication failed: {"code": 401, "message": "Unauthorized; scope does not match"}

This includes:

- getConfluenceSpaces
- getPagesInConfluenceSpace
- getConfluencePage
- getConfluencePageDescendants
- searchConfluenceUsingCql
- getConfluencePageFooterComments
- getConfluencePageInlineComments
- getConfluenceCommentChildren

Additionally, the generic search (Rovo Search) tool returns a different error:

Access denied. Your account does not have permission to search Jira or Confluence content.

Our questions

1. Are read:confluence:agent-interface and search:confluence:agent-interface the only scopes Rovo MCP ever provisions, or should additional scopes such as read:confluence-content:confluence be present on the token when those settings are enabled?
2. Is there a known issue where enabling scopes in the Rovo MCP settings UI does not propagate to the runtime token? Is a disconnect/reconnect or manual token refresh required?
3. Why does getAccessibleAtlassianResources succeed while all other Confluence tools fail — does it use a different auth mechanism or endpoint?
4. Why does the generic Rovo search tool return a 403 (access denied) rather than the 401 (scope mismatch) that all other tools return? Does this tool require a separate permission grant?
5. What is the correct set of scopes required for each Confluence MCP tool, and where can these be verified?

Any suggestions?

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events