On Jira Server/DC, there is a sanitiseSearchQuery() function on the SearchService which can be used to turn entity names in JQL queries into entity IDs so unauthorized users can’t see the corresponding entities.
We were looking for the Cloud counterpart of this function and found this:
For some reason, this endpoint requires ADMIN scope for Connect apps. Why is that? The function provided here doesn’t update any data on Jira and certainly does not update any Jira configuration. It provides a basic security function. It should be possible to use this with just READ scope.
I am hoping to get comments from Atlassian people.