Atlassian recommends "classic" permission scopes, why?

Hello! We want to refine the permission management for our app because we are using the recommended classic permission scopes – this results in many more permissions than we need and we have realised this also results in the Marketplace listing stating that our app does things that it does not, such as “deleting, editing or creating issues” by using write:jira-work when we only handle issue properties.
Looking at Atlassian documentation, in different places, we can see earnest warnings against the use of granular permissions, for example:
image
or
image

  • Why is so recommended and warned against when using the granular ones seem to make much more sense?
  • Also, will this update the text in the Marketplace listing? (hopefully, it does)

Thanks in advance.

2 Likes

Hi,

I think the main reasons to recommend classic scopes are:

  • You can have no more than 50 Scopes in total (they increase the header size if I remember corretly)
  • as any new scope will result in a major update and the admins are required to manually update the plugin. That’s not very practicle when you just need to access a new api with a trivial scope (that the customer does not care about)
2 Likes