Hi, we are struggling to get apps approved for our Confluence and Jira cloud instances due to security concerns. We have asked Atlassian and some vendors and every time we got different answers.
Almost all apps have this information in the "Integration permissions with Atlassian products" section of the "Security and compliance" tab:
* Act on a user's behalf, even when the user is offline
* Delete data from the host application
* Write data to the host application
* Read data from the host application
This mean, for example, that the installed app will be able to read (in plain text format) all the pages from Confluence Cloud? And if that´s the case, what prevents the vendor from storing the data in their servers?
Hello @Hector Vazquez
Can you provide some examples of the answers you are receiving?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.