Getting 403 “user does not have the relevant permissions” when trying to add users to Jira groups using `api.asApp()` in a Forge application. The same operation works with `api.asUser()` but requires site admin permissions from the end user.
Goal
Allow non-admin users to add users to specific groups through the Forge app using app-level permissions instead of user permissions.
Technical Details
- Endpoint: `POST /rest/api/3/group/user?groupId={groupId}`
- Method: Using `api.asApp().requestJira()`
- Error: `403 Forbidden - user does not have the relevant permissions`
- Current scopes in manifest:

```yaml
- manage:jira-configuration
- read:jira-user
- read:group:jira
- write:group:jira
```
What I’ve Tried
- Added `write:group:jira` scope
- Attempted to add `administer:jira-global` (linter rejects as invalid scope)
- Verified the app is deployed and scopes are updated
- Confirmed the same endpoint works with `asUser()` when user has admin permissions
Error Details
```
Error: Failed to add user to group: Status: 403 - An error occurred:
com.atlassian.idp.client.exceptions.AuthorizationException:
{"key":"forbidden","context":{"message":"user does not have the relevant permissions"}}
```
Question
Is there a valid scope that allows Forge apps to manage group membership using `asApp()`, or is this operation restricted to `asUser()` with admin permissions only?
Any guidance on the correct approach for app-level group management in Forge would be greatly appreciated.