Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What is "applicationRole" in Permission Schemes?

Mykenna Cepek
Mykenna Cepek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 13, 2024

When I use call the Jira REST API for PermissionScheme like so:

https://jira.xyz.com/rest/api/latest/permissionscheme?expand=permissions

...some of the results look like this:

{ "id": 11671,
  "self": "https://jira.xyz.com/rest/api/2/permissionscheme/10200/permission/11671",
  "holder":
  { "type": "applicationRole"
  },
  "permission": "DELETE_OWN_COMMENTS"
},

What is "applicationRole"?

Other results in that same API response make sense, like these;

{ "id": 12298,
  "self": "https://jira.xyz.com/rest/api/2/permissionscheme/0/permission/12298",
  "holder":
  { "type": "projectRole",
    "parameter": "10001",
    "expand": "projectRole"
  },
  "permission": "EDIT_OWN_WORKLOGS"
},
{ "id": 12299,
  "self": "https://jira.xyz.com/rest/api/2/permissionscheme/0/permission/12299",
  "holder":
  { "type": "group",
    "parameter": "jira-administrators",
    "expand": "group"
  },
  "permission": "DELETE_ALL_COMMENTS"
},

The first one indicates a permission granted to specific Roles for a Project.

The second one shows a permission granted to a specific Jira user Group.

I also see "holders" with only a "type" of "assignee" or "projectLead", and those are pretty self explanatory.

But what is "applicationRole"?

Answer
Watch
Like # people like this
560 views

2 answers

1 accepted

1 vote
Answer accepted
Hana Kučerová
Hana Kučerová
Community Champion
July 13, 2024

Hi @Mykenna Cepek ,

permission can be granted to Application access - there are options

  • Any logged in user
  • Jira Service Management
  • Jira Software

In your case applicationRole = Any logged in user as there are no additional parameters

 

View More Comments
Mykenna Cepek
Mykenna Cepek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 15, 2024

So are you saying that "applicationRole" with no additional parameters is the same as "anyone" or "group=jira-software-users"? If not, then please clarify. I'm not understanding "granted to Application access ... [with] options".

In my example above, the question is "who in Jira has access to DELETE_OWN_COMMENTS?" -- and "Jira Software" as an "applicationRole" doesn't seem to answer that question.

Like
Hana Kučerová
Hana Kučerová
Community Champion
July 15, 2024

@Mykenna Cepek 

When you want to add permission to some permission scheme, you can select item "Application access" and there is select field with the options I mentioned before.

application_access.png

 

 

So, I'm saying that "applicationRole" with no additional parameters means "Any logged in user" = user with any license (both JSM agents and JSW users, but not JSM customers). 

For example if you have both JSM and JSW installed, then all the users with any license (JSW OR JSM OR both).

If you have only JSW installed, then it is the same as Application access with option Jira Sofware - all the users with the JSW license.

It depends on how Jira's application access is configured, it doesn't neccessary means group jira-software-users. There can be other/different groups, which adds users the product license.

 

Like
Mykenna Cepek
Mykenna Cepek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 26, 2024

So it sounds like a Permission granted to "Application access" will be granted to all users of the related application (the one listed, or if none is listed the application being used, Jira Software in my original post).

It also doesn't sound necessary, if a Permission Scheme is being carefully crafted to use Groups and Roles. To me it sounds like it was a convenience to leverage the default Group for an application, so that new installs and noob admins didn't lose access early in their use of the new product.

More Server/Data Center documentation, if you too want to go down the rabbit hole:

Like
Reply
1 vote
Nicolas Grossi
Nicolas Grossi
Banned
July 13, 2024

@Mykenna Cepek You might take a look at the API spec: https://docs.atlassian.com/software/jira/docs/api/7.2.1/com/atlassian/jira/application/ApplicationRole.html

 

HTH

Nicolas

View More Comments
Mykenna Cepek
Mykenna Cepek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 15, 2024

That API description says (only):

Represents an Application Role in JIRA. An application role defines which users (indirectly through groups) can access an application.

An ApplicationRole is defined by a JIRA plugin through it's module configuration. An ApplicationRole is regarded as licensed when there is a (potentially exceeded) license present in JIRA that provides user seats for the ApplicationRole that is uniquely identified by an ApplicationKey.

The context of my question is "applicationRole" as a value in a Permission Scheme element. The JSON from the Jira REST API (above) intends to tell me who (precisely) has access to DELETE_OWN_COMMENTS. I want to know what users can perform that action.

The JSON shows only that "ApplicationRole" is specified, no users or groups are specified or even which application. I'm not seeing how this API documentation helps clarify my original question.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.