• Products
  • Documentation
  • Resources

App access rule coverage summary for Jira Cloud

App access rule data blocking is an early access feature and subject to change. It is available only to participants in the Early Access Program (EAP).

This document is a work in progress and Atlassian will be making updates in the days to come.

App access rule coverage summary for Jira Cloud

Using app access rules, customers can customize and extend Jira Software, Jira Service Management, and Jira Work Management while maintaining control over app access to certain content in specific spaces.

This page should be read along with App access rule coverage summary | Atlassian Support, which provides an overview of the types of apps and content that is blocked or not blocked by an app access rule.

The sections below provide a summary of app functionality that is blocked and not blocked by an app access rule for the following Jira products:

  • Jira Software - See Jira Cloud and Jira Software

  • Jira Service Management - See Jira Cloud and Jira Service Management

  • Jira Work Management - See Jira Cloud

Jira Cloud

You can create an app access rule to limit an app’s ability to access and modify certain data in a Jira project—particularly user-generated content.

Apps blocked by an app access rule may still take other actions that do not directly interact with user-generated content, such as changing the look and feel of Jira. Global admin permissions may still be required to run certain apps. For example, if a Jira user does not have admin permissions, they can’t use an app to perform administrative functions like adding users.

While they may indirectly impact issue data, shared configuration, including things like workflows, permission schemes, and issue security schemes, are not blocked by app access rule.

To view a detailed list of the app functionality that is blocked or still allowed (not blocked) when an access rule applies, see App Access for Jira Cloud REST APIs.

Jira app actions blocked by the app access rule

The following commonly-used Jira functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs .

Projects

  • creating or deleting a project, or updating project details

  • creating, reading, or deleting a project version, or merging two project versions

  • creating or reading project components, features, issue security levels, properties, or roles

Board

  • creating or deleting a board

  • getting lists of board-related data items, including boards, board versions, sprints, epics, issues, issues belonging to a sprint, issues that belong to an epic

  • moving issues within a board, or between board and backlog

Issues

  • creating, reading, updating, or deleting issues

  • assigning, transitioning, or exporting issues

  • archiving or unarchiving issues, or interacting with archived issues

  • creating, reading, updating, or deleting any of the following issue-related items

    • attachments

    • comments and comment properties

    • custom field configuration, options, and field values (apps)

    • fields (see below for certain exceptions regarding custom fields)

    • links, properties, remote links, votes, and watchers

    • Issue search

    • worklog properties

    • worklogsFilters

Jira expressions and JQL

  • evaluating a Jira expression

  • sanitising or parsing JQL

  • returning autocomplete suggestions by JQL

Labels

  • reading labels

Permissions

  • reading the permissions of a user

Sprints

  • creating, reading, updating, or deleting a sprint

  • returning a list of issues in a sprint

  • moving issues into a sprint

  • reading or updating properties for a sprint

  • finding users with specific permissions

  • finding users by query, such as returning a list of all users who are reporters of issues in project PROJ, or who have commented on any of the specified issues

  • finding users that can be assigned to a specific project or issue

Jira app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs .

Announcement banner

  • reading or updating the announcement banner configuration

Application roles

  • reading application roles

Audit records

  • reading audit records

Avatars

  • reading or deleting system avatars

  • reading avatar images

Dashboards

  • creating, reading, updating, or deleting dashboards and dashboard item properties

  • adding, reading, updating, or removing gadgets from dashboards

  • searching for dashboards

  • copying dashboards

Filters

  • reading or setting the default share scope for filters and dashboards, for a user

  • reading or deleting filters

Groups

  • creating, reading, or deleting groups

  • finding groups and their users

  • adding, removing, and reading users in groups

  • Issue custom fields

    • creating, reading, updating, or deleting issue custom field contexts

    • adding, removing or reading default values, issue types, project mappings from custom field contexts

    • creating, reading, updating, deleting, or reordering custom field options

  • Issue field configurations

    • creating, reading, updating, or deleting field configurations and field configuration schemes

    • adding, removing, or reading issue types to/from field configurations

    • assigning a field configuration scheme to projects

  • Issue fields

    • returning a list of fields and their properties such as whether they can be used for sorting or issue navigation

    • creating, updating, or deleting custom fields

    • moving a custom field to trash, or restore it from trash

  • Issue link types

    • creating, reading, updating, or deleting issue link types

  • Issue navigator settings

    • setting or reading issue navigator settings

  • Issue notification schemes

    • creating, reading, updating, or deleting notification schemes

    • adding or removing notifications from a notification scheme

    • returning a list of projects using a notification scheme

  • Issue priorities

    • creating, reading, updating, deleting, or searching priorities

    • moving priorities

  • Issue resolutions

    • creating, reading, updating, deleting, or searching issue resolutions

    • moving issue resolutions

  • Issue security schemes and levels

    • creating, reading, updating, deleting, or searching issue security schemes

    • associating issue security schemes with projects

    • reading issue security schemes associated with projects

    • adding, reading, or updating issue security levels

    • adding, reading, or removing members to/from issue security levels

  • returning a list of users who are watching an issue

  • listing IDs of deleted worklogs

  • returning all issue events

  • creating, reading, updating, or deleting UI modifications that customize the appearance and behavior of specified fields on issue create and issue view pages for a specified issue type or project ID

Issue types and issue type schemes

  • creating, reading, updating, or deleting issue types

  • storing images to be used as issue type avatars

  • Issue type properties

    • reading, updating, or deleting issue type properties

  • Issue type schemes

    • creating, reading, updating, or deleting issue type schemes

    • adding or removing issue types from issue type schemes

    • reading issue type scheme items

    • assigning an issue type scheme to a project

  • Issue type screen schemes

    • creating, reading, updating, or deleting issue type screen schemes

    • adding or removing mappings to issue type screen schemes

    • assigning issue type screen schemes to projects

Jira expressions

  • analyzing Jira programmatic expressions that are used by some apps to access Jira objects, and returning information about the expression’s validity and complexity

Jira settings

  • reading or updating application properties

  • reading global settings, such as which Jira features are enabled

  • reading Jira attachment settings

JQL

  • returning JQL reference documentation for fields

  • reading or updating precomputed values used in JQL searches

  • converting user identifiers to account IDs in JQL queries

License metrics

  • reading details of the Jira license, including the list of applications such as Jira Cloud or Jira Software included in the license

  • reading licensed user counts

Local user (myself)

  • reading current user or locale

  • reading, updating, or deleting user preferences

Permissions

  • reading global and project permissions

  • returning a list of projects that the specified user has permission to

  • creating, reading, updating, or deleting permission schemes

  • creating, reading, or deleting permission scheme grants

Projects

  • archiving or restoring a project

  • reading statuses for a project

  • reading project notification scheme

  • Project avatars

    • creating, reading, updating, or deleting project avatars

  • Project categories

    • creating, reading, updating, or deleting project categories

  • Project components

    • creating, reading, and updating project components

  • Project email

    • reading or setting the project’s sender email

  • Project key and name validation

    • reading a project name or key

    • validating a project key

  • Project permission schemes

    • assigning a permission scheme to project

    • reading the permission scheme assigned to project

  • Project properties

    • reading or deleting project properties

  • Project role actors

    • adding, reading, and deleting actors or default actors to/from a project role

  • Project roles

    • creating, reading, updating, or deleting project roles

  • Project types

    • reading project types

  • Project versions

    • creating, reading, or moving project version

    • creating, reading, updating, or deleting related work

Screens, screen schemes, and screen tabs

  • creating, reading, updating, or deleting:

    • screens

    • screen schemes

    • screen tabs

  • reading, moving, adding, or removing fields from screen tabs

  • moving the position of a screen tab in the list of tabs

Server info

  • reading Jira instance info such as the site’s URL, Jira version, and timezone

Status

  • creating, reading, updating, deleting, or searching the statuses that can be applied to issues

Tasks

  • reading the status of a long-running task or cancelling a task

Time tracking

  • reading or selecting the app used as the time tracking provider

  • updating time tracking settings such as working hours per week or default time format

User management

  • creating, reading, updating, or deleting users

  • reading, setting, and resetting the default “issue view” columns for a user

  • performing the following actions related to user properties

    • reading, setting, or deleting user properties

    • listing the defined user property keys

  • searching for users

Webhooks

  • registering and deleting types of webhooks

  • listing the webhooks registered by the app

Workflows and workflow schemes

  • creating, reading, updating, or deleting workflows

  • validating workflows

  • performing the following actions on workflow schemes

    • creating, reading, updating, or deleting workflow schemes or draft workflow schemes

    • reading and updating the associations between issue types and workflows in a workflow scheme or draft workflow scheme

    • publishing a draft workflow scheme

    • creating, reading, updating, or deleting the draft default workflow

    • assigning a workflow scheme to a project

    • reading workflow schemes assigned to the specified project

  • reading workflow statuses and status categories

  • creating, reading, updating, or deleting workflow transition properties

  • reading, updating, or deleting workflow transition rules

Jira Service Management

Jira Service Management app actions blocked by the app access rule

The following commonly-used Jira Service Management functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs .

Organisation

  • adding, returning, or removing organisations to/from a service desk

Request

  • creating customer requests

  • subscribing or unsubscribing to or from a request

  • adding, reading, or removing participants to or from a request

  • posting, reading, or deleting feedback to or from a customer request

  • performing or reading customer transitions

  • reading or answering approvals

  • creating or reading attachments

  • returning comments, comment attachments, request types, SLA information or subscription status

Service desk

  • creating, reading, or deleting request types

  • adding, reading, or removing customers to or from a service desk

  • returning service desk details, request types, queues, issues in a queue, or details of a request type property

Jira Service Management app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira Service Management functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs .

Assets

  • returning assets workspaces

Customer

  • creating a customer

Information

  • returning information about Jira Service Management, such as version, builds etc

  • returning knowledgebase articles

Organisation

  • creating, returning, or deleting organisations

  • adding, returning, or removing users to or from organisations

  • setting, returning, or deleting properties of organisations

Servicedesk

  • setting or deleting properties of servicedesks

  • returning service desks a user has access to

Jira Software

Jira Software app actions blocked by the app access rule

The following commonly-used Jira Software functionality is blocked when an app is blocked by the app access rule. For the full list of blocked functionality see App Access for Jira Cloud REST APIs .

Board

  • creating, reading, updating, or removing boards

  • listing boards

  • moving issues to and from a board

  • setting, reading, or deleting a board property

  • toggling features

  • listing sprints, versions, projects, epics, or issues associated with a board

  • returning the filters, configuration, properties, and reports for a board

Epic

  • reading an epic

  • moving issues to or from an epic

  • listing issues in an epic

  • ranking epics according to their importance

  • searching epics

Issue

  • reading issues or their estimations

  • estimating and ranking issues

Sprint

  • creating, reading, or deleting a sprint

  • listing the issues in a sprint

  • setting, reading, or deleting sprint properties

  • reordering sprint positions on a board

Jira Software app actions not blocked by the app access rule

There are some elements of product functionality and data that you cannot block with an app access rule. Generally, these are related to system-compiled or general data, or shared configuration such as permission schemes or workflows.

The following commonly-used Jira Software functionality is not blocked when an app is blocked by the app access rule. For the full list of app functionality that cannot be blocked by an app access rule see App Access for Jira Cloud REST APIs.

Board

  • listing boards that use the specified data filter

  • listing property keys (names) defined for the specified board

Sprint

  • updating a sprint, including closing an active sprint

  • listing property keys (names) defined for the specified sprint

Related links:

 

Additional Help