How to an app can access issues that are secured

Hi there,

We’ve recently had a customer contact us about an issue with our app - which turned out to be a problem with permissions.

We are indexing issues in the backend, and for that we invoke a JQL request to the search endpoint. That gives us a list of issue ids which we persist, and make another request on the frontend to fetch the actual content and take care of permissions.

The issue comes up when an issue is secured, and in this particular case, the issue requires the user to have an admin permission for the project.

In the past it was possible to edit the security scheme for a project and add an “add-on” user to the scheme, but it looks to me that this is no longer possible.

Is there a way to configure the instance to allow an app to access those issues?

Kind regards,
Bartlomiej Lewandowski

Hey Bartlomiej,
Thanks for your question - are you using Connect or Forge to build your app?

Hi @bartlomiej,

I think you might be referring to this bug report: [ACJIRA-2406] Restricted issues in a team-managed project are not returned via REST APIs, both when using the search and the issue endpoint - Ecosystem Jira.

I don’t have a workaround for this but, if one will be identified, it will be posted on the ticket directly.

It would be good to know here/on the bug report, how many apps are affected and noticed that so far.


Recently I have also experienced a similar issue. I have fixed it by giving required permission to “atlassian-addons-admins” user group or “atlassian-addons-project-access”.

Connect app

Correct, this issue was probably created after describing the issue in detail in a support ticket :slight_smile:

1 Like

Thanks for jumping in @denizoguz. Are you sure it is actually working?
I’m trying to understand what I’m doing wrong.

I’ve just tried to do the same by adding these “users” to the Project Settings → Access UI in a team-managed project but, even after adding them, I still cannot retrieve the restricted issues when using the REST APIs in a Connect app.

Here is a screenshot of the Project access page:

@ccurti Our situation was a little different. It was a Forge app and we were using app “api.asApp().requestJira” method for accessing Jira REST API. I had two problems, first the app didn’t able to retrieve details of an issue, protected with “issue security schema” and a second problem was it didn’t able to retrieve list of “user groups”. Both of them were solved by adjusting permissions of “atlassian-addons-admins” and “atlassian-addons-project-access”. It may not be the same problem but for our similar case adjusting permissions solved both issues.

1 Like

Has anyone figured out how to give an access to connect app user?
Imagine the project is restricted to a certain user group and we want to allow a particular (connect) app to have access to it as well. How to do that?

Thanks! This seems to have worked for a Forge app in the production environment, but I’m having trouble while it is in the development environment. I even tried adding the app user directly to the issue type security scheme. Two users show for the app in the single user selection. I assume one is the development install and one is the production install. I added both, but this did not help. Have you experienced anything similar while working with it in the development environment?