App Permissions in Next-gen projects

G'day Atlassian community!

My name is Abhinaya Sinha and I'm a product manager for Jira. I'm excited to announce that we have launched support for custom project permissions from Atlassian marketplace applications/add-ons to next-gen projects. You may be aware that earlier in the year, we had announced the launch of managing roles and permissions in next-gen projects. The capability we're announcing today extends next-gen permissions and roles beyond Jira-provided project permissions to marketplace applications'/addons'-provided permissions. It makes roles in next-gen projects even more powerful and extensible. 

What are custom project permissions? 

Custom project permissions are permissions scoped to a project and are typically added by marketplace applications/add-ons. Apps use such permissions to make Jira more extensible and powerful, and we're pleased that next-gen projects can leverage this capability now. To give an example of such extensibility, consider an app such as Tempo Timesheets. It provides permissions such as "view all worklogs", "log work for others", "set billable hours", and "view issue hours". Each of these permissions serves a distinct purpose. For instance, "set billable hours" allows customers to control the use of billable hours in Tempo, so they can track them independently of the actual worked hours. By supporting such permissions in next-gen projects, we extend the functionality of a next-gen project to capabilities provided by marketplace applications and add-ons. Any Atlassian marketplace connect application installed on your Jira instance that specifies project permissions in its app descriptor is now available for use in next-gen. Some other applications that provide project permissions include Issue Checklist Pro, Deep Clone for Jira, among others. 

Administrators can create project roles and grant these permissions to those roles. And users assigned to these roles can then use functionality provided by these permissions. 

How to use these permissions?

Navigate to Project Settings > Access for Jira Software (Project Settings > Internal Access for Jira Service Desk) and click on "Manage roles".

Click on "Create Role".

Custom project permissions appear under the 'App permissions' tab. Permissions are grouped by app. Next-gen project administrators can grant respective permissions to users, then click on Create role. The created role appears in the list of roles under "Manage roles". For more on using roles in next-gen projects, please refer to our launch announcement on using roles and permissions in next-gen projects. 

In the example below, there are 3 apps installed on the site that specify project permissions in their app descriptor. Permissions from these apps appear in the "Create role" modal. I created a new role called "Tempo Timesheet users" to which, I granted the set of permissions provided by Tempo Timesheets. The newly created role appears in the "Manage roles" modal. Project administrators can assign users to these roles. Assigned users would be able to perform actions described by the permissions granted to the role. 

Finally, note that app project permissions can be granted to new roles only and not to the default roles: Administrator, Member, Viewer for Jira Software and Administrator, Agent, Viewer for Jira Service Desk. If administrators would like to utilise app project permissions, they must create a new role and grant these permissions to that role. 

We hope you find this feature useful to your work and look forward to your feedback. 

Thank you!

Cheers,

Abhinaya