I don't think REST exposes that information, because it's not a simple direct relationship.
Given a project, you'd need to read the list of people and groups in roles, then expand the groups out to people, then read the permission scheme to work out if your user matches the rules for access. You also need to think about what "access" means (just "I can see issue", or something else?), and how to handle the dynamic roles like assignee and reporter etc.
However, REST respects the permissions of the users internally, so if your rule is "person must have browse rights", then your normal user trying to use REST will only see the projects that they see when they use the UI.
![Nic Brough [Adaptavist]](https://avatar-cdn.atlassian.com/053c857b7b2c424c1d3c24a86cb95aa9 "Nic Brough [Adaptavist]"){kind=avatar}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.