I am developing a Forge app for Jira and trying to restrict access to certain pages using hasGlobalPermission in the manifest.yml.
My goal is to limit access to specific pages only to Jira administrators or some specific groups.
Here is how my manifest.yml is configured:
modules:
jira:globalPage:
- key: myKey
.....
sections:
- header: myHeader
...
pages:
- title: myTitle
...
displayConditions:
hasGlobalPermission: ADMINISTER
....
I have created a test user who does not have the ADMINISTER permissions .
However, this user can still access the page , even though hasGlobalPermission is supposed to restrict their visibility.
I also tested retrieving permissions for this test user via the Jira API:
const response = await api
.asUser()
.requestJira(route`/rest/api/3/mypermissions?permissions=ADMINISTER`, {
headers: { Accept: "application/json" }
});
const data = await response.json();
console.log("🔹 Permissions:", data);
And the result confirms that the user does not have the permission (havePermission: false).
Questions:
-
Why does
hasGlobalPermissionnot block access and visibility to the page? -
Is there a better waqy to achieve this restriction based on permissions or specific groups?
Thank you fo your help