Atlassian-addons-admin group and how its created/managed

Hi!

We were having trouble of getting our an addon working in one of our trialing customers cloud instance. They probably installed it with some strange permissions which unfortunately I cannot restore anymore. Thus we tried to provide all necessary permissions and do uninstall/intstall again, but still the only difference is in Global Permissions under Jira Administrators section. Addon just cries in logs that the permissions are missing in various ways.

There should be atlassian-addons-admin group in JIRA Administrators section in Global Permissions, but its not possible to add one there and I have no idea how this group is created, by whom and when. Thus since this is the only difference in configuration, perhaps someone can explain us how this group ends up there in global permissions and if possible at all how to create/manage it later.

Hi @margus.nael,

This group is managed internally by Atlassian Connect and can’t be manipulated via the UI. It should not be possible to modify membership of this group or add it/remove it from the JIRA Administrators global permission.

If this has somehow taken place and can’t be resolved by uninstalling and reinstalling your add-ons, I recommend you guide your customer to Atlassian support.

We had lately also problem with one of our customer’s instance, where after installing the addon, most of the REST API calls were returning messages indicating that something is wrong with permissions. E.g.: “Only Connect add-on users with admin scope permission are allowed to override screen security” or “Issue does not exist or you do not have permission to see it.” (Note that addon has all scopes in atlassian-connect.json)

I started to wonder if the user could somehow remove permissions and in fact it is possible. Under Administration → System → Project Roles there is an atlassian-addons-project-access role. There you can find ‘View Usage’ action. In project’s Permission Scheme by default all permissions are granted to the atlassian-addons-project-access role, however you can remove it.

But on customer’s instance everything seemed to be ok - all permissions granted. Then we asked the customer to reinstall the addon and it helped.