Configure Teamwork Graph CLI permissions
現在、このエクスペリエンスはベータ版です。
Who can do this? |
Permission scopes control what the Teamwork Graph CLI can do across your connected tools — essentially, what it can read, write, and delete.
Configuring permissions correctly lets you give teams the access they need for automation and integrations while protecting sensitive data in your organization.
More on managing your permissions settings
Understand different permission types
Teamwork Graph CLI uses three permission types. Each can be configured independently across your connected toolsets:
権限の種類 | What it controls | Default state |
|---|---|---|
読み取り | Allows the CLI to retrieve data from your connected apps and the Teamwork Graph. For example, fetching Jira work items or Confluence pages. | Allow all |
書き込み | Allows the CLI to create or edit objects in your connected apps. For example, creating Jira work items or updating Confluence pages. | Allow all |
削除 | Allows the CLI to delete objects in your connected apps. | Allow all |
Use write and delete access with caution
When write and delete access is enabled, users can create, edit, or delete objects in your Atlassian apps, such as Jira work items and Confluence pages, using the CLI.
Only enable write and delete access for the toolsets your organization genuinely needs.
Change permission scopes
For each permission type, you can set the scope to:
Allow all: The CLI can use this permission with all current and future toolsets.
Allow selected: The CLI can use this permission only with the toolsets you choose.
Allow none: The CLI is blocked from using this permission with any toolset.
To change permission scopes:
アトラシアンの管理に移動します。複数の組織がある場合は、対象の組織を選択します。
In the sidebar, select Rovo, then select Teamwork Graph CLI.
Under Permissions, find the permission type you want to configure.
In the Scope column, select Allow all, Allow selected, or Allow none.
If you selected Allow selected, choose the individual toolsets to allow.
Repeat for any other permission types.
[保存] を選択します。
After you save a scope change, new and existing CLI sessions must follow the updated permissions immediately. Commands that no longer match an allowed scope are blocked.
Server-side enforcement
Permission scopes are enforced on the server side by Atlassian. This means they can't be bypassed by modifying the CLI binary or local configuration.
When a command is sent, Atlassian checks the permission scopes configured for your organization before returning any data or performing any action. If the scope doesn't allow the request, the command is rejected.
IP and location allowlists configured in your Atlassian organization also apply to CLI requests. If a request originates from a blocked IP address, it's rejected regardless of the user's permission scopes.
A blocked command will appear as restricted and you’ll need to reauthenticate.
この内容はお役に立ちましたか?