Welcome to the Atlassian developer community @RanLavi,
We’ve already had a couple of Requests for Comments (RFCs) about the topic, detailing what it means for app developers:
- RFC-14 App Access Rule
- RFC-25: [Superseded by RFC-29] App Access Rule - followup to New App Data Access APIs
I am also interested to hear what the community thinks; however, the above RFCs make it pretty clear that our current thinking is much narrower than “dynamic permission scopes”; at least, with how apps understand the concepts of “permissions” and “scopes”. Specifically, what gets narrowed are which “containers” apps can access, as in Jira projects or Confluence spaces. What’s proposed would not be as granular as the example you gave; an admin would not be able to revoke a specific app permission or scope (for example, the Connect READ or ADMIN scopes).
Hopefully, those links and my comments help you understand the intent better and drive more meaningful conversations about appsec with your customers.