Every app user needs the permission to “use” and “install” the app. How do we separate those?
use
- storage:app
- write:jira-work
- read:jira-work
install
- manage:jira-configuration
- manage:jira-project
We want that only the administrator has to give his consent to the “installation” permissions and the user only refers to the “use” permissions.
Our forge app requires permission to add an IssueType on behalf of the user. This is only necessary during the installation process. After that, and most importantly for any other user, this permission is not required. However, each user must give their consent before using the app. That would be fine if it only affected the permissions required to actually “use” the application, not “install” it.
I find it odd that all users must have the same permission, even if the installation is out of context for most users.
I’m pretty sure I’m missing something here. Can someone enlighten me?
***** UPDATE
I’m not entirely sure, but my latest test tells me: it looks like the “normal” user is giving consent to permissions he doesn’t have. This is quite confusing. A user who is not able to manage Jira configurations sees from his perspective that he should give just such permissions:
- manage:jira-configuration
- manage:jira-project
But that doesn’t mean anything. As long as the app doesn’t call anything that the user doesn’t have permissions for, there’s no problem, I think. Can anyone confirm this?