Why is a non site-admin able to install other Marketplace apps, but not our application?

We had an application hosted on the Atlassian Marketplace. We are checking what permissions are required to install and check the end-to-end flow for our flow. We found that a non site-admin can install other apps, but not our application. We are not sure if it's a bug or why it's acting differently in our case.

@Rahulmathews,

What kind of app do you have? Is it based on Atlassian Connect, Forge, or just OAuth? What apps are you comparing? Fundamentally, who can “install” the app depends on the auth model. As a trend, Atlassian is closing the door on user-installed apps, mostly leaning on models where admins have that control.

Our Collector is based on Atlassian Connect and our user has the Jira Software - User and Jira Administrator - Product roles. He is unable to install the app. But when the user is given the site-admin role, he is able to access the app. But when the same user, who doesn’t have the site-admin role, tried to install some other app, he was able to install it. Is it a bug, or is there something we’re missing?

@Rahulmathews, what other apps?

We have our app in the Atlassian Marketplace and we are unable to install it without site-admin permissions. However, while exploring we found another app, which goes like this: your-instance/jira/marketplace/discover/app/com.testrail.jira.testrail-plugin, and we are able to install this from the same Atlassian Marketplace. Our question is: why does the installation process differ from app to app for the same permissions, and what keeps restricting our app from being installable without site-admin permission?

@Rahulmathews,

It’s not the same permissions. Testrail only needs read and write scopes:

"scopes": [
  "read",
  "write"
],

Any app that uses admin or project-admin will require a site-admin to install.

Our scopes are “read”, “act_as_user” and “access_email_address”. So TestRail doesn’t require a site-admin to install and our app requires a site-admin because of the difference in the scopes? Please clarify this, as there is no coherent info on it anywhere in the documentation.

1 Like

Is this documented anywhere?
Does Atlassian have UX to back up this constraint so customers know why they can’t install an app?

Not that I’m aware. I only discovered this by trial and error.

No. It was a complete mystery to me until I found the pattern by examining the app descriptors.

3 Likes
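The descriptor check discussed in this thread, as an added example that is not part of any post and is not Atlassian's code: it classifies a Connect descriptor's `scopes` against the rule stated above (admin or project-admin needs a site-admin) and flags scopes that rule does not mention instead of guessing. The function names, the `example.*` app keys and the sample descriptors are assumptions constructed for illustration; only the scope lists and the TestRail key come from the thread.

```python
import json

# Scopes the thread's answer says force a site-admin install.
SITE_ADMIN_SCOPES = {"admin", "project_admin"}
# Scopes the thread shows installing without site-admin (the TestRail descriptor).
OBSERVED_USER_INSTALLABLE = {"read", "write"}


def normalize(scope):
    """Fold case and hyphens so 'project-admin' and 'PROJECT_ADMIN' compare equal."""
    return scope.strip().lower().replace("-", "_")


def classify_descriptor(descriptor_text):
    """Classify a Connect descriptor's scopes against the rule stated in the thread."""
    descriptor = json.loads(descriptor_text)
    scopes = descriptor.get("scopes", [])
    if not isinstance(scopes, list) or not all(isinstance(s, str) for s in scopes):
        raise ValueError("'scopes' must be a list of strings")
    found = {normalize(s) for s in scopes}
    forcing = sorted(found & SITE_ADMIN_SCOPES)
    uncovered = sorted(found - SITE_ADMIN_SCOPES - OBSERVED_USER_INSTALLABLE)
    if forcing:
        verdict = "site-admin required"
    elif uncovered:
        # The thread's rule does not mention these scopes; do not guess.
        verdict = "not covered by the stated rule"
    else:
        verdict = "no site-admin scope declared"
    return {"key": descriptor.get("key"), "verdict": verdict,
            "forcing": forcing, "uncovered": uncovered}


# Constructed sample descriptors (hypothetical keys except the TestRail one).
SAMPLES = [
    '{"key": "com.testrail.jira.testrail-plugin", "scopes": ["read", "write"]}',
    '{"key": "example.collector", "scopes": ["read", "act_as_user", "access_email_address"]}',
    '{"key": "example.admin-app", "scopes": ["READ", "Project-Admin"]}',
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(classify_descriptor(text))
```

The second sample carries the scopes quoted earlier in the thread; the checker reports them as outside the stated rule, which is the gap the posters are asking to have documented.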

So uh, can we file a ticket to improve this please? <3

Your wish is granted: Undocumented behavior: site-admin required to install apps with certain scopes

4 Likes

Is this documented yet @ibuchanan?

Thanks

@edave,

Not according to the ticket. Please vote and comment.

@ibuchanan - when I visit that ticket, I get a permissions error saying I don’t have access to this issue

2 Likes

@ademoss,

Ah, I should have noticed. This bug has a bug!

Someone converted my ACJIRA bug report into a Marketplace support case. I don’t know why. Worse, that ticket was assigned to someone who no longer works for Atlassian; hence, must be in some queue somewhere that is not getting worked. Again, no idea how that happened.

I raised all of this with the internal Connect team in Slack and have asked them to find the way back to a real workstream. And more importantly to document this new behavior (it’s not recent anymore, but it’s new relative to the documentation).

5 Likes

We’re lucky to have you Ian. Thank you.

1 Like

Thanks @ibuchanan!