Marketplace and custom app access control coverage summary for Jira Cloud

Using the Marketplace and custom app access control, customers can customize and extend Jira and Jira Service Management while maintaining control over Marketplace, custom, and other third-party app access to certain content in specific spaces.

This page should be read along with Marketplace and custom app access control coverage summary, which provides an overview of the types of Marketplace and custom apps and content that are blocked or not blocked by the Marketplace and custom app access control.

The sections below provide a summary of Marketplace and custom app functionality that is blocked and not blocked by the Marketplace and custom app access control for the following Jira apps:

  • Jira - See Jira Cloud and Jira. Previous users of the ProForma Marketplace app who currently use forms, also see Forms.

  • Jira Service Management - See Jira Cloud, Jira Service Management, and Forms.

Jira Cloud

You can use the Marketplace and custom app access control to limit an installed app’s ability to access and modify certain data in a Jira space—particularly user-generated content.

Apps blocked by the Marketplace and custom app access control may still take other actions that do not directly interact with user-generated content, such as changing the look and feel of Jira. Global admin permissions may still be required to run certain Marketplace or custom apps. For example, if a Jira user does not have admin permissions, they can’t use an installed app to perform administrative functions like adding users.

Shared configuration, including things like workflows, permission schemes, and work item security schemes, is not blocked by the Marketplace and custom app access control, even though it may indirectly impact work item data.

To view a detailed list of the Marketplace and custom app functionality that is blocked or still allowed (not blocked) when the Marketplace and custom app access control applies, see App Access for Jira Cloud REST APIs.

Jira actions blocked by the Marketplace and custom app access control

The following commonly-used Jira functionality is blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of blocked functionality, see App Access for Jira Cloud REST APIs.

Spaces

  • reading space work item security levels or unresolved work item count

  • deleting a space

Board

  • creating or deleting a board

  • getting lists of board-related data items, including boards, board versions, sprints, epics, work items, work items belonging to a sprint, work items that belong to an epic

  • moving work items within a board, or between board and backlog

Work items

  • creating, reading, updating, or deleting work items

  • assigning, transitioning, or exporting work items

  • archiving or unarchiving work items, or interacting with archived work items

  • creating, reading, updating, or deleting any of the following work item-related items

    • attachments

    • comments and comment properties

    • custom field configuration, options, and field values (third-party apps)

    • fields (see below for certain exceptions regarding custom fields)

    • links, properties, remote links, votes, and watchers

    • work item search

    • worklog properties

    • worklogs

Filters

Jira expressions and JQL

  • evaluating an expression

  • sanitising or parsing JQL

  • returning autocomplete suggestions by JQL

Labels

  • reading labels

Permissions

  • reading the permissions of a user

Sprints

  • creating, reading, updating, or deleting a sprint

  • returning a list of work items in a sprint

  • moving work items into a sprint

  • reading or updating properties for a sprint

  • finding users with specific permissions

  • finding users by query, such as returning a list of all users who are reporters of work items in space PROJ, or who have commented on any of the specified work items

  • finding users that can be assigned to a specific space or work items

Jira actions not blocked by the Marketplace and custom app access control

There are some elements of app functionality and data that you cannot block with the Marketplace and custom app access control. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of functionality that cannot be blocked by a Marketplace and custom app access control, see App Access for Jira Cloud REST APIs.

Announcement banner

  • reading or updating the announcement banner configuration

App roles

  • reading app roles

Audit records

  • reading audit records

Avatars

  • reading or deleting system avatars

  • reading avatar images

Dashboards

  • creating, reading, updating, or deleting dashboards and dashboard item properties

  • adding, reading, updating, or removing gadgets from dashboards

  • searching for dashboards

  • copying dashboards

Filters

  • reading or setting the default share scope for filters and dashboards, for a user

  • reading or deleting filters

Groups

  • creating, reading, or deleting groups

  • finding groups and their users

  • adding, removing, and reading users in groups

  • Work item custom fields

    • creating, reading, updating, or deleting work item custom field contexts

    • adding, removing or reading default values, work item types, space mappings from custom field contexts

    • creating, reading, updating, deleting, or reordering custom field options

  • Work item field configurations

    • creating, reading, updating, or deleting field configurations and field configuration schemes

    • adding, removing, or reading work item types to/from field configurations

    • assigning a field configuration scheme to spaces

  • Work item fields

    • returning a list of fields and their properties such as whether they can be used for sorting or work item navigation

    • creating, updating, or deleting custom fields

    • moving a custom field to trash, or restoring it from trash

  • Work item link types

    • creating, reading, updating, or deleting work item link types

  • Work item navigator settings

    • setting or reading work item navigator settings

  • Work item notification schemes

    • creating, reading, updating, or deleting notification schemes

    • adding or removing notifications from a notification scheme

    • returning a list of spaces using a notification scheme

  • Work item priorities

    • creating, reading, updating, deleting, or searching priorities

    • moving priorities

  • Work item resolutions

    • creating, reading, updating, deleting, or searching work item resolutions

    • moving work item resolutions

  • Work item security schemes and levels

    • creating, reading, updating, deleting, or searching work item security schemes

    • associating work item security schemes with spaces

    • reading work item security schemes associated with spaces

    • adding, reading, or updating work item security levels

    • adding, reading, or removing members to/from work item security levels

  • returning a list of users who are watching a work item

  • listing IDs of deleted worklogs

  • returning all work item events

  • creating, reading, updating, or deleting UI modifications that customize the appearance and behavior of specified fields on work item create and work item view pages for a specified work item type or space ID

Work item types and work item type schemes

  • creating, reading, updating, or deleting work item types

  • storing images to be used as work item type avatars

  • Work item type properties

    • reading, updating, or deleting work item type properties

  • Work item type schemes

    • creating, reading, updating, or deleting work item type schemes

    • adding or removing work item types from work item type schemes

    • reading work item type scheme items

    • assigning a work item type scheme to a space

  • Work item type screen schemes

    • creating, reading, updating, or deleting work item type screen schemes

    • adding or removing mappings to work item type screen schemes

    • assigning work item type screen schemes to spaces

Jira expressions

  • analyzing Jira programmatic expressions that are used by some Marketplace and custom apps to access Jira objects, and returning information about the expression’s validity and complexity

Jira settings

  • reading or updating app properties

  • reading global settings, such as which Jira features are enabled

  • reading Jira attachment settings

JQL

  • returning JQL reference documentation for fields

  • reading or updating precomputed values used in JQL searches

  • converting user identifiers to account IDs in JQL queries

License metrics

  • reading details of the license, including the list of apps, such as Jira, included in the license

  • reading licensed user counts

Local user (myself)

  • reading current user or locale

  • reading, updating, or deleting user preferences

Permissions

  • reading global and space permissions

  • returning a list of spaces that the specified user has permission to

  • creating, reading, updating, or deleting permission schemes

  • creating, reading, or deleting permission scheme grants

Spaces

  • creating, archiving, or restoring a space

  • updating space details

  • reading statuses for a space

  • reading space notification scheme

  • space avatars

    • creating, reading, updating, or deleting space avatars

  • space categories

    • creating, reading, updating, or deleting space categories

  • space components

    • creating, reading, and updating space components

  • space email

    • reading or setting the space’s sender email

  • space features

    • creating or reading space features

  • space work item security levels

    • setting work item security levels for the space

  • space key and name validation

    • reading a space name or key

    • validating a space key

  • space permission schemes

    • assigning a permission scheme to a space

    • reading the permission scheme assigned to a space

  • space properties

    • setting, reading, or deleting space properties

    • reading a list of property keys

  • space role actors

    • adding, reading, and deleting actors or default actors to/from a space role

  • space roles

    • creating, reading, updating, or deleting space roles

  • space types

    • reading space types

  • space versions

    • creating, reading, or moving space versions

    • creating, reading, updating, or deleting related work

Screens, screen schemes, and screen tabs

  • creating, reading, updating, or deleting:

    • screens

    • screen schemes

    • screen tabs

  • reading, moving, adding, or removing fields from screen tabs

  • moving the position of a screen tab in the list of tabs

Server info

  • reading Jira instance info such as the site’s URL, version, and timezone

Status

  • creating, reading, updating, deleting, or searching the statuses that can be applied to work items

Tasks

  • reading the status of a long-running task or cancelling a task

Time tracking

  • reading or selecting the Marketplace or custom app used as the time tracking provider

  • updating time tracking settings such as working hours per week or default time format

User management

  • creating, reading, updating, or deleting users

  • reading, setting, and resetting the default “work item view” columns for a user

  • performing the following actions related to user properties

    • reading, setting, or deleting user properties

    • listing the defined user property keys

  • searching for users

Webhooks

  • registering and deleting types of webhooks

  • listing the webhooks registered by the Marketplace or custom app

Workflows and workflow schemes

  • creating, reading, updating, or deleting workflows

  • validating workflows

  • performing the following actions on workflow schemes

    • creating, reading, updating, or deleting workflow schemes or draft workflow schemes

    • reading and updating the associations between work item types and workflows in a workflow scheme or draft workflow scheme

    • publishing a draft workflow scheme

    • creating, reading, updating, or deleting the draft default workflow

    • assigning a workflow scheme to a space

    • reading workflow schemes assigned to the specified space

  • reading workflow statuses and status categories

  • creating, reading, updating, or deleting workflow transition properties

  • reading, updating, or deleting workflow transition rules

Jira Service Management

Jira Service Management actions blocked by the Marketplace and custom app access control

The following commonly-used Jira Service Management functionality is blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of blocked functionality, see App Access for Jira Cloud REST APIs.

Organization

  • adding, returning, or removing organizations to/from a service desk

Request

  • creating customer requests

  • subscribing or unsubscribing to or from a request

  • adding, reading, or removing participants to or from a request

  • posting, reading, or deleting feedback to or from a customer request

  • performing or reading customer transitions

  • reading or answering approvals

  • creating or reading attachments

  • returning comments, comment attachments, request types, SLA information or subscription status

Service desk

  • creating, reading, or deleting request types

  • adding, reading, or removing customers to or from a service desk

  • returning service desk details, request types, queues, work items in a queue, or details of a request type property

Jira Service Management actions not blocked by the Marketplace and custom app access control

There are some elements of app functionality and data that you cannot block with the Marketplace and custom app access control. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira Service Management functionality is not blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of functionality that cannot be blocked by the Marketplace and custom app access control, see App Access for Jira Cloud REST APIs.

Assets

  • returning assets workspaces

Customer

  • creating a customer

Information

  • returning information about Jira Service Management, such as version, builds, etc.

  • returning knowledgebase articles

Organization

  • creating, returning, or deleting organizations

  • adding, returning, or removing users to or from organizations

  • setting, returning, or deleting properties of organizations

Servicedesk

  • setting or deleting properties of servicedesks

  • returning service desks a user has access to

Jira

Jira actions blocked by the Marketplace and custom app access control

The following commonly-used Jira functionality is blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of blocked functionality, see App Access for Jira Cloud REST APIs.

Board

  • moving work items to and from a board

  • listing work items associated with a board

Epic

  • listing work items in an epic

  • listing work items without an epic

  • moving work items to or from an epic

Work item

  • reading work items or their estimations

  • estimating and ranking work items

Sprint

  • deleting a sprint

  • getting work items for a sprint

  • reading a sprint property

Jira actions not blocked by the Marketplace and custom app access control

There are some elements of app functionality and data that you cannot block with the Marketplace and custom app access control. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of functionality that cannot be blocked by the Marketplace and custom app access control, see App Access for Jira Cloud REST APIs.

Board

  • listing boards that use the specified data filter

  • listing property keys (names) defined for the specified board

  • creating, reading, updating, or removing boards

  • listing boards

  • setting, reading, or deleting a board property

  • toggling features

  • listing sprints, versions, spaces, or epics, associated with a board

  • returning the filters, configuration, properties, and reports for a board

Epic

  • reading an epic

  • moving work items to or from an epic

  • listing work items in an epic

  • ranking epics according to their importance

  • searching epics

Sprint

  • updating a sprint, including closing an active sprint

  • listing property keys (names) defined for the specified sprint

  • creating, reading, or deleting a sprint

  • setting or deleting sprint properties

  • reordering sprint positions on a board

Development information

  • getting and deleting a repository

  • storing development information so that it can be accessed by Jira

  • deleting development information

  • checking if data exists for specified development information properties

Feature flags

  • getting, setting, and deleting feature flags

Deployments

  • storing deployment data so that it can be accessed by Jira

  • getting and deleting deployment data

Builds

  • storing build data so that it can be accessed by Jira

  • getting and deleting build data

  • storing remote link data so that it can be accessed by Jira

  • getting and deleting remote link data

Security information

  • storing security workspace and vulnerability data so that it can be accessed by Jira

  • getting and deleting linked security workspaces and vulnerability data

Operations

  • storing operations workspace data so that it can be accessed by Jira

  • getting and deleting operations workspace data

  • storing incident or review data so that it can be accessed by Jira

  • getting and deleting incident or review data

DevOps components

  • storing DevOps components so that they can be associated with spaces in Jira

  • getting and deleting DevOps components

Forms

Forms are available to all Jira Service Management customers.

Forms can also be used by Jira Cloud customers who previously used the ProForma Marketplace app.

Forms actions blocked by the Marketplace and custom app access control

The following commonly-used Forms functionality is blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of blocked functionality, see App Access for Jira Cloud REST APIs.

Work item forms (internal forms)

  • creating, reading, updating, or deleting a form for a work item

  • getting a list of forms associated with a work item

  • submitting, reopening, or copying a form for a work item

  • reading form attachments or Jira data linked to a form for a work item

  • transforming form data into PDF, XLSX, or flat list format

  • changing the form’s visibility in the customer portal

  • exporting form data for a space

Customer request forms

  • reading a form for a customer request

  • getting a list of forms associated with a customer request

  • saving form answers or submitting a form for a request

  • transforming form data into PDF, XLSX, or flat list format

  • reading form attachments or Jira data linked to a form for a customer request

Forms actions not blocked by the Marketplace and custom app access control

There are some elements of app functionality and data that you cannot block with the Marketplace and custom app access control. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an installed app is blocked by the Marketplace and custom app access control. For the full list of functionality that cannot be blocked by the Marketplace and custom app access control, see App Access for Jira Cloud REST APIs.

Servicedesk (portal) forms

  • reading a servicedesk form template

  • reading external form data for a servicedesk form template

Form template management

  • creating, reading, updating, or deleting a form template for a space

  • getting a list of forms for a space
