Use Bulk Get Groups API to fetch groups having certain permissions/ access instead of relying on special default names

G’day Atlassian Developer community!

Jira is moving away from using groupName to groupId as the identifier for groups. This change is part of a larger initiative to shift our customer user bases from site-level to organisation level. Even the default groups (eg: site-admins, jira-admins-<tenantName> etc.) will no longer be hard-coded names.

We will start moving our customers to the new configuration starting from April 30th, 2023, after which the marketplace apps having hardcoded references to group names in their configurations may stop working. Hence, we request such apps to start using the Bulk Get Groups API to get groups. This will ensure that the app continues to work properly for all Jira customers. More details below.

What is changing?

Jira is making the transition from using groupName to groupId as the identifier for groups. To support this change, we are modifying our APIs that have group name fields. The groupName is no longer going to be immutable and Jira should start referring to the group via external groupId as the immutable reference.

This change is also be applicable for default special groups (eg: site-admins, jira-admins-<tenantName>), and they will no longer be hard-coded names.

Why it is changing?

This change is part of a larger initiative to shift our customers’ user bases from site-level to organisation level. We will start enabling this new configuration for our customers starting April 30th, 2023. Once that happens, the marketplace apps using hardcoded references to group names, may stop working based on the customer userbase configuration.

New Behaviour

To avoid that, we have enhanced the existing bulk get groups (GET /rest/api/3/group/bulk) API to support fetching groups by their access type (eg: fetching site-admins group by site-admin access type). This can replace the hard-coded references.

You can get more details in this announcement for we recently made for enhancement of this API.

What do I need to do?

If your apps are backed by lookup on hardcoded group names (for example, site-admins, jira-admins-<tenantName>), then you should start using the above API to get groups, in order to ensure your app continues to work for all customers.

By when should I do it?

Based on the Atlassian’s deprecation policy, a standard notice period of 6 months is given to make these changes. Thus, we request you to move to the new behaviour before April 30th, 2023.

We will keep you updated on any further changes and actions required related to this change.

Please feel free to reply to this thread in case of any queries or suggestions.

TL;DR

From April 30th, 2023, if your apps use hardcoded references to group names, they may stop working for customers with a new userbase configuration.

This includes references such as:

site-admins

jira-admins-"tenantName"

You can avoid this by switching to the newly added query parameter accessType in the bulk get groups GET /rest/api/3/group/bulk) API.

The API will get groups with a specific type of permission based on the accessType provided.

1 Like

Hi,

thanks for this, it’s a very useful addition. But I have two issues with this API endpoint:

  1. It’s marked as Experimental. This does not make inspire confidence in the API’s stability in me and my team. But the upcoming move away from hardcoded group names (which, again, I think is a great idea!) kind of necessitates using it. (Not to mention that Jira Platform API version 3 is still technically in beta as well as it states at the top of the API docs :innocent:)
  2. It requires the ADMIN scope. I previously had someone from DEVHELP open a ticket on my behalf because using groups used to not require the ADMIN Connect scope. But now, if we want to store group IDs and display group names, we need to use this API, so it will become required. (Confluence doesn’t require the ADMIN scope for the corresponding API either) This is really not great because of the unsolved issues about users not updating their apps in forever that I and other vendors regularly mention. [JRACLOUD-79363] Bulk get groups REST API endpoint connect app scopes required could be READ scopes - Create and track feature requests for Atlassian products.

Again, good change, much appreciated :+1: But in that context, I would love to see these things addressed.

Cheers,
Tobias

2 Likes