Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Avoid `atlassian-addons-project-access`role being readded to permission scheme automatically

Arjen Hoekstra
Arjen Hoekstra November 20, 2020

Hello, I have created a permission scheme, which only allows read access to projects associated with this permission scheme.

However, whenever an add-on is installed, for this permission scheme the `atlassian-addons-project-access` project role is added again automatically for all permissions. This enables write access for add-ons, which I'd like to prevent.

How can I make sure this project role is not automatically readded upon an add-on install for this specific permission scheme?

Answer
Watch
Like Brian Hill likes this
1049 views

1 answer

0 votes
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 20, 2020

Hi Arjen - Welcome to the Atlassian Community!

Allowing that to be added is usually a part of the agreement you allow when you purchases/install the add-on. So I don't think you will be able to prevent it doing the initial adding to the permission scheme. 

Also, they usually do it for a reason, so removing those from the Permission Schemes might cause it to not work correctly. 

View More Comments
Arjen Hoekstra
Arjen Hoekstra November 20, 2020

Hi John,

Thank you for the welcome and thank you for your answer.

I can understand that this would be done for new add-ons when they are added, to prevent that they are not working when using them for the first time. However, in the way it's implemented now it's also applied for existing add-ons and I could not find a way to differentiate between those. There is a specific add-on I would like to prevent having write-access for specific projects.

What would be the best practice to make a project read-only? I tried following the "Making a project 'Read-Only'" section here, but as the add-on permissions are added again automatically it's not truly read-only.

Like
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 20, 2020

atlassian-addons-project-access is generic for all add-ons. There are not separate permissions that are granted for each add-on. You probably shouldn't use that add-on if you don't want it to have the same permissions as other add-ons. You are not going to be able to separate them. 

Like
Arjen Hoekstra
Arjen Hoekstra November 23, 2020

Hi John,

Thank you for the additional comment.

I actually would like to give the add-on write-access from some projects, but not for others and I tried to differentiate using different permission schemes. But I understand from your answer that's not structurally possible, only if you would manually edit the permission scheme again after a new add-on install.

Can I then also conclude there is no way to make a project read-only?
The concrete case here is that we have ZenDesk integration with our projects, so that our Support department can push new issues to us from ZenDesk.
If a project becomes obsolete (e.g. because of reorganization of teams), we want to prevent that issues can be pushed from ZenDesk by accident, but the project should still be browsable/readable for audit purposes.
Do you have a recommendation how we can support this use case?

Like
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 23, 2020

You can just remove the Create Issue for everyone in that case in the permission scheme.

Like
Arjen Hoekstra
Arjen Hoekstra November 23, 2020

Yes, I did that. Only the problem is that it's being readded for the `atlassian-addons-project-access` role whenever an add-on is installed.

Like
Arjen Hoekstra
Arjen Hoekstra November 27, 2020

Any ideas on how I can make a project read-only without needing to do a manual step every time an add-on is installed? Or is this not possible in Jira?

Like
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 30, 2020

I don't think that is going to be possible. You should probably submit a feature request for that here: https://jira.atlassian.com/secure/Dashboard.jspa

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events