Hello, I have created a permission scheme, which only allows read access to projects associated with this permission scheme.
However, whenever an add-on is installed, for this permission scheme the `atlassian-addons-project-access` project role is added again automatically for all permissions. This enables write access for add-ons, which I'd like to prevent.
How can I make sure this project role is not automatically readded upon an add-on install for this specific permission scheme?
Hi Arjen - Welcome to the Atlassian Community!
Allowing that to be added is usually a part of the agreement you allow when you purchases/install the add-on. So I don't think you will be able to prevent it doing the initial adding to the permission scheme.
Also, they usually do it for a reason, so removing those from the Permission Schemes might cause it to not work correctly.
Thank you for the welcome and thank you for your answer.
I can understand that this would be done for new add-ons when they are added, to prevent that they are not working when using them for the first time. However, in the way it's implemented now it's also applied for existing add-ons and I could not find a way to differentiate between those. There is a specific add-on I would like to prevent having write-access for specific projects.
What would be the best practice to make a project read-only? I tried following the "Making a project 'Read-Only'" section here, but as the add-on permissions are added again automatically it's not truly read-only.
atlassian-addons-project-access is generic for all add-ons. There are not separate permissions that are granted for each add-on. You probably shouldn't use that add-on if you don't want it to have the same permissions as other add-ons. You are not going to be able to separate them.
Thank you for the additional comment.
I actually would like to give the add-on write-access from some projects, but not for others and I tried to differentiate using different permission schemes. But I understand from your answer that's not structurally possible, only if you would manually edit the permission scheme again after a new add-on install.
Can I then also conclude there is no way to make a project read-only?
The concrete case here is that we have ZenDesk integration with our projects, so that our Support department can push new issues to us from ZenDesk.
If a project becomes obsolete (e.g. because of reorganization of teams), we want to prevent that issues can be pushed from ZenDesk by accident, but the project should still be browsable/readable for audit purposes.
Do you have a recommendation how we can support this use case?
Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events