Why does a non site-admin able to install other marketplace apps, but not our application?

We had an application hosted on atlassian marketplace. We are checking what permissions are required to install and check the end to end flow for our flow. We found that a non site-admin can install other apps, but not our application. We are not sure if its a bug or why its acting differently in our case.

@Rahulmathews,

What kind of app do you have? Is it based on Atlassian Connect, Forge, or just OAuth? What apps are you comparing? Fundamentally, who can “install” the app depends on the auth model. As a trend, Atlassian is closing the door on user-installed apps, mostly leaning on models where admins have that control.

Our Collector is based on Atlassian Connect and our user has Jira Software - User and Jira Administrator - Product role. He is unable to install the app. But when the user is given the site-admin role, he is able to access the app. But when the same user who don’t have site-admin role has tried to install some other app and is able to install it. Is it a bug or Is there something we’re missing?

@Rahulmathews, what other apps?

We have our app in the Atlassian Marketplace and we are unable to install it without site-admins permissions. However as exploring we found another app which goes like this your-instance/jira/marketplace/discover/app/com.testrail.jira.testrail-plugin and we are able to install this from the same Atlassian Marketplace. Our Question is Why the Installation process differs from app to app for the same permissions and What keeps restricting our app from being installable without site-admins permission?

@Rahulmathews,

It’s not the same permissions. Testrail only needs read and write scopes:

"scopes": [
  "read",
  "write"
],

Any app that uses admin or project-admin will require a site-admin to install.

Our scopes are “read”, “act_as_user” and “access_email_address”, So the testrail doesn’t require a site-admin to install and our app requires a site-admin is because of the difference in the scopes? Please clarify this as there is no coherent info on it anywhere in the documentation.

1 Like

Is this documented anywhere?
Does Atlassian have UX to back up this constraint so customers know why they can’t install an app?

Not that I’m aware. I only discovered this by trial and error.

No. It was a complete mystery to me until I found the pattern by examining the app descriptors.

1 Like

So uh, can we file a ticket to improve this please? <3

Your wish is granted: Undocumented behavior: site-admin required to install apps with certain scopes

4 Likes