The atlassian-addons-project-access project role in Jira cloud
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
The atlassian-addons-project-access project role in Jira is a system role specifically designed for Connect add-ons that require permissions beyond just reading issues. It is automatically managed by Jira and cannot be modified by users, including administrators.
Solution
Project role visibility and anagement
In both team-managed and company-managed projects, the
atlassian-addons-project-accessrole is visible through the REST API but not directly manageable through the UIThe role is added to all permissions in security schemes once an app is installed
However, it can be removed from specific permissions like Browse projects to restrict app access
Users cannot update the members of this role as it is a system role managed by Jira
Even though the role is visible, users cannot select app users or the
atlassian-addons-project-accessgroup directly in the UI for project rolesFor instructions on adding users to this project role manually, please refer to our community post on the topic
Please note: We have an ongoing bug for the atlassian-addons-project-access Role being re-added to permissions even after it is removed manually. Please refer to: JRACLOUD-81601 - Any changes to atlassian-addon-project-access project role are overwritten on an app installation
How does the atlassian-addons-project-access role use project permissions?
When you install an app, Jira creates a corresponding ‘user’ who is assigned to the atlassian-addons-project-access role in each project. If you don’t want the app to have access to a project, you can remove it from the role. Additionally, Jira always respects app scopes over permissions. This means that apps only have access to the APIs defined by their scopes, and only have permission to perform the actions defined by their scopes.
We also discuss this role in a public doc: Add-on permissions update
"When you install or update an add-on, JIRA will automatically grant the add-on the correct permissions for its scope through the atlassian-addons-project-access role. It will also check the permissions of existing add-ons across all JIRA and JIRA Service Desk projects, and grant them the correct permissions as well."
Check role via API
The role can be queried using the REST API to get project roles for both team-managed and company-managed projects
Attempts to add actors to this role via the REST API will result in an error, as it is forbidden to update this system role
Can I interact with users created by apps?
App users can be mentioned in comments and descriptions but cannot be set as reporters for issues
Notification schemes allow selecting app users, but they cannot be selected from the issue view
Was this helpful?