I'm using the Get projects paginated REST API endpoint to list Project Keys for users with access to those projects.
The API documentation states that the user should be able to see project information if they have the "Browse Projects permission" for the project. I confirmed the Permission Scheme grants Browse Projects rights to "Project Role (Project Access Group)".
The test user accounts have granted the Oauth 2.0 Classic scope of read:jira-work.
We are using Company-Managed projects. We create and populate a Project Access Group for each project. The Project Access Group is then granted write access to that specific project.
When I log in as administrator, the API call provides a complete, paginated list of project keys.
When I test with a standard user account, I can only find Project Keys for Team-Managed projects where the test user account is an administrator of that project.
After observing this, I tried manually adding a test user's account directly to a Company Managed Project with a variety of roles (rather than using the Project Access Group). That also doesn't work. It seems like the user must be an administrator of the project for the API to return the project.
I also added the user to a separate Group (rather than Project Role) that I also configured with Browse Projects rights. Still, the user can only list Team-Managed projects on which the user is an Administrator.
I don't believe this behavior in line with the permissions noted in the Get projects paginated API's documentation.
Might this be a bug? Do I need to do something different for Company Managed Projects? Thanks for your guidance!
