• Documentation

Configure Atlassian Rovo MCP server permission

‌As an organization admin, you use the Permissions tab within the Admin settings to control what data the Atlassian Rovo MCP server can read, write, and search across your organization’s Atlassian apps and connected tools. You can turn permissions on or off from the table, or open Edit details to choose more specific permissions.

The Permissions tab found via Atlassian Administration > Rovo > Rovo MCP server is now the primary way to control what the MCP server can access across your organization. Going forward, permissions configured here will take precedence over settings in Connected Apps or individual app permissions in Marketplace. To restrict or allow specific actions — such as preventing the MCP server from creating or editing content — use the Permissions tab.

Learn more about tools supported by Atlassian Rovo MCP server

What you can configure

Permission

What it controls

Read

Whether the server can view and read data from Atlassian apps

Write

Whether the server can create and modify data in Atlassian apps

Search

Whether the server can search data across Atlassian apps

Status in the table

Status

Meaning

Allowed

The setting is on for all relevant permissions

Blocked

The setting is off for all relevant permissions

Partially allowed

The setting is on for some permissions but not all

Change permissions from the table

Step 1. Open Permissions

  1. In Administration, open Atlassian Rovo MCP server for your organization.

  2. Select the Permissions tab.

Step 2. Review Read, Write, and Search

  1. Check the Status column for each permission.

  2. Use the row checkboxes to turn a permission type on or off for all permissions where the UI allows it, or use Select all permissions in the header when you want to apply a bulk change.

Apply to future additions: When you allow an intent, that access is automatically granted to any new permissions that request the same permission. New permissions won’t require manual review by admins and will be available to users as soon as they’re added. Admins can change this behavior at any time in the “Edit details” modal.

If an update fails, try refreshing the page. If the problem continues, contact Atlassian Support.

Edit permissions per app (Edit details)

Use Edit details when you need different settings per app (for example Jira vs Confluence).

Step 1. Open Edit details

  1. On the Permissions tab, find the permission type (Read, Write, or Search).

  2. Select Edit details.

Step 2. Choose apps (permissions)

  1. In the modal, review each app row and use the checkboxes to allow or block that permission for that app.

  2. Optionally turn on Allow all, apply permissions to future additions automatically so new apps or permission sets inherit these settings. (Confirm final in-product wording.)

This Apply to future additions control is the same idea as turning the permission on from the main table row checkbox: both mean new permission for that intent will receive access unless you change the setting again.

Step 3. Save and dismiss

  1. Save your changes in the modal.

  2. Read the confirmation banner and dismiss it with Understood when you're done.

What users see when a permission is blocked

When a permission is blocked, users connecting through an AI client (such as Claude, Cursor, or another MCP-compatible tool) will see the following error message:

Access denied: Your organization admin has not authorized the [permission name] permission.

For example: Access denied: Your organization admin has not authorized the write permission.

If users report this error, check the Permissions tab to confirm the relevant permission is set to Allowed. Changes take effect immediately — no restart or reconnection is required.

FAQ

This section lists the exact error messages that users or admins may encounter as a result of this change.

End-user facing errors (shown in AI client e.g. Claude, Cursor)

Q: A user reports they can't use a tool and sees an error. What does it say?

There are three possible error messages depending on the scenario:

Scenario

Exact error message

A toolset is blocked by the org admin

Access denied: Your organization admin has not authorized the [permission name] permission. e.g. Access denied: Your organization admin has not authorized the write permission.

The user's org cannot be determined (e.g. account not mapped to an org)

We are having trouble verifying your organization permissions. Please try again shortly.

A transient backend error occurred during the permission check

We are having trouble completing this action. Please try again shortly.

Resolution for each:

  • "Access denied: Your organization admin has not authorized..." — The admin needs to go to Atlassian Administration > Atlassian Rovo MCP server > Permissions and set the relevant permission to Allowed. Changes take effect immediately.

  • "We are having trouble verifying your organization permissions..." — Confirm the user's Atlassian account is associated with the correct organization. If the issue persists, escalate to engineering.

  • "We are having trouble completing this action..." — Ask the user to retry. If persistent, contact Atlassian Support.

Admin-facing errors (shown in Atlassian Administration UI)

These are the exact error messages an org admin may see in the Atlassian Administration UI when managing the Rovo MCP Server Permissions tab.

Permissions tab — loading error

Shown as a full-page empty state when the Permissions tab fails to load toolset data (e.g. network or API error):

Scenario

Title

Body

Permissions tab fails to load

We're not sure what went wrong

Try refreshing the page. If this keeps happening, contact support.

Permissions tab — toggle / save errors

Shown as a flag (toast notification) when an admin tries to enable or block a permission row (Read, Write, Search) and the mutation fails, or when saving changes in the "Edit details" modal fails:

Scenario

Flag title

Flag body

Toggling a permission (Read/Write/Search) on or off fails

We're unable to update permissions

Try refreshing the page. If this keeps happening, contact support.

Saving changes in the "Edit details" modal (per-product toolset configuration) fails

We're unable to update permissions

Try refreshing the page. If this keeps happening, contact support.

Resolution: Ask the admin to refresh the page and try again. If the problem persists, contact Atlassian Support.

Other policy-related errors (not specific to toolset enforcement)

These may be seen by users in other scenarios and should not be confused with toolset permission errors:

Scenario

Exact error message

User connecting from a blocked IP address

You don't have permission to connect from this IP address. Please ask your organization admin for access.

User connecting via a disallowed auth method (e.g. API token when headless auth is blocked)

You don't have permission to connect via [auth method]. Please ask your organization admin for access.

Redirect URI not on the org's allowlist

Access denied: Your organization admin must authorize access from [redirect URI] to cloudId: [cloudId]. Contact your organization admin to authorize this access.

 

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageWhat you can configureStatus in the tableChange permissions from the tableStep 1. Open PermissionsStep 2. Review Read, Write, and SearchEdit permissions per app (Edit details)Step 1. Open Edit detailsStep 2. Choose apps (permissions)Step 3. Save and dismissWhat users see when a permission is blockedFAQEnd-user facing errors (shown in AI client e.g. Claude, Cursor)Admin-facing errors (shown in Atlassian Administration UI)Other policy-related errors (not specific to toolset enforcement)
CommunityQuestions, discussions, and articles