We are currently reviewing plugin apps in our JIRA environment, which contains highly sensitive information. Before installing plugins, we need to assess certain measures. Initial investigations revealed that the "Cloud Fortified" app offers the highest security in the Atlassian Marketplace. However, we found that any app installed in our Atlassian environment automatically gains access to Project admin via the "atlassian-addons-project-access" role. We have the following questions:
Based on the open ticket, even after removing the "Atlassian-addons-project-access" role will be added
Note: We cannot remove the role from the team-managed project permissions. Any guidance on that?
Hi @Pavan kumar and welcome to the Community!
As a general rule of thumb: do not remove "atlassian-addons-project-access" from permission schemes. There is no other way to grant apps the access they require to function properly and you may end up with unstable / unpredictable / erroneous behaviour with any apps you may be using.
In the Jira cloud feature request you refer to (JRACLOUD-81601) a comment links to this related Community post where Atlassian confirms the arrival of this app blocking capability.
Hope this helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.