"Share data with **unlimited** locations outside of Atlassian." message

I just installed my own app and when my user goes to start using it and jumps through the oauth “accept permissions” bit - one of the permissions listed is:

Share data with unlimited locations outside of Atlassian.

The app may share personal data outside of Atlassian cloud to unlimited locations on the internet. This may be required for the app to fetch data from user-defined sources, though this can put your data privacy at risk.

What triggers this? My scopes are just

    - 'storage:app'
    - 'read:jira-work'
    - 'read:jira-user'

Is it because of me using a web trigger? If so - shouldn’t this warning be shown at the time of the admin installs the app instead of the individual user (who may not undertand what the app is doing and this message may be really scary to them).

1 Like

@danielwester could you please share your “permissions” section from the manifest.yml file?

Sure


permissions:

  external:
    images:
      - '*'
  content:
    styles:
      - 'unsafe-inline'
  scopes:
    - 'storage:app'
    - 'read:jira-work'
    - 'read:jira-user'

Is it because if the images * ? Why wouldn’t that be shown to the admin instead of the individual user?

1 Like

@danielwester that’s correct, it’s because of the wildcard in “images”. The message is displayed to the user so that all the app’s permissions are transparent to them, allowing them to decide if they want to accept or not. We don’t want the user unknowingly accepting permissions that they don’t actually consent to.

We are currently working on also showing the admin the same information.

2 Likes