Help me with permissions scopes in manifest.yml file!

Hello,

I have a problem with my app running in service desk portal in Forge. With a customer account I logged in, and I got this image

These are permissions scopes:
permissions:
scopes:
- storage:app
- read:jira-user
- write:jira-work
- read:jira-work
- read:servicedesk-request
- read:requesttype:jira-service-management
- manage:jira-project
- report:personal-data

I also tried my main account - which I use to log into forge/cli every morning - and removed some permissions scopes, and, with less permissions scopes, my main account doesn’t have access either -.-’

So, has anyone run into a warning icon like this? Or the error message behind it? What does it mean?

In the end, tuning Product Access for the User did allow me to get me through; giving Jira Service Management access made the Forge popup window open in the portal for the User, and me. But removing the Product Access sometimes granted them the access even longer after it is removed - results inconsistent.

I have run into behaviour like this, but on DC and Server platforms, and there I would avoid permission problems by accessing the root matrix basic protocol IOS sub-system matrices of the server Jira/Confluence is running on, and override permissions.

In Cloud sorta asApp() should mean “override permissions”, but it seems the app can have less permissions than the user running, but also sometimes more permissions than the user. If they could both unify their permissions, of User, and of App, should be enough, because if I can’t get it asUser() in the first place, I am better of using asApp() anyway.

Thanks for your time everybody.

Tomislav
Caelor ~

Hi,

I had the same problem some weeks ago. I solved it as follow:

  1. Delete all values under “scopes:”. So, leave “scopes:” empty.
  2. run in the console: “forge lint --fix”. This will add the needed access rights.
  3. run “forge deploy”.
  4. run “forge install --upgrade”.
  5. if you run the tunnel, restart it.
  6. check if it is working again.

I think the issues was/is the order of the entries.

Hi, thanks for the provided steps. Unfortunately, I had already tried the steps before I created this post. I had found out the problem can’t be resolved with tweaking the scopes and most likely is a limitation of Forge. However, that limitation appears to have a resolution date; follow and vote on this ticket for more information: [FRGE-189] - Ecosystem Jira

It’s got to do with access of un-licensed and anonymous users in Forge.