Versions Compared

Old Version 4

changes.mady.by.user Andy Brook [Plugin People]

Saved on

compared with

New Version 5

changes.mady.by.user Denny Miller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page lists the scopes declared in the app manifest.yml, explaining why each scope is required. Forge scopes and permissions are explained in detail in https://developer.atlassian.com/platform/forge/manifest-reference/scopes-product-confluence/#classic-scopes.

Scopes

...

On top of per-app scopes and permissions, there are additional permissions that CSUMCloud expects the Privileged User () to have, to allow the user to perform specific operations (For example, the privileged user must have permission to remove group members from a space if they wish to use the ‘Remove User’ operation).

Scopes

Scopes

Why required

- storage:app

To allow App storage API (For Global Settings). Any setting stored are shown in System Admin Documentation

-

read:space:confluence

View Space Details

- write:space:confluence

Update Space details (Space Permissions)

- delete:space:confluence

Delete Space details

- read:space.permission:confluence

View space permissions.

- write:space.permission:confluence

Update space permissions.

- read:user:confluence

View user details.

- read:group:confluence

View group details

- write:group:confluence

Update group details, create and delete groups

- read:space.property:confluence

View Space properties

- write:space.property:confluence

Update Space Properties

- read:content.permission:confluence

Content permission checks

- read:configuration:confluence

Get Confluence Settings, baseURL, etc

- write:configuration:confluence

Update Confluence Settings

- read:space-details:confluence

View Space Details, SpaceKeys

- read:content-details:confluence

View Content Details, Properties

- write:confluence-groups

Write access on confluence groups

Permissions

Permission

Why required

- unsafe-inline

To allow inline styles

- "*.atlassian.net"

To grant access to Atlassian site, allows access of user profile icons (Upcoming Feature

manage:confluence-configuration

To allow view access for Confluence Global Settings. These include any global settings values, such as the System Info endpoint to allow Site base URL access (Used by the Privileged User to make site-internal fetch requests to perform space group operations).

Permissions

Permission

Why required

- unsafe-inline

To allow inline styles

- "*.atlassian.net"

To grant access to Atlassian site, allows access of user profile icons (Upcoming Feature)

Privileged User Permissions

The list below is a collective total of permissions required. Please see the table below for detailed information on the reasoning (and usages) for each permission.

  • Permission to access the Confluence site ('Can use' global permission).

  • Permission to access the Confluence site ('Can use' global permission). Only content that the user has permission to view will be returned.

  • User must be a site admin.

  • 'Admin' permission for the space.

    • This is a per-space requirement for each space you wish to use CSUMCloud with.

  • 'View' permission for the space.

    • This is a per-space requirement for each space you wish to use CSUMCloud with.

Any further scope and permission information explanation can be found in the related Confluence Cloud REST API documentation.

Permission

Why required

REST API

Permission to access the Confluence site ('Can use' global permission).

  • To retrieve the baseUrl of the site, allowing further

  • (This is primarily performed by the CSUMCloud app to allow the Privileged User to make the below requests).

Get System Info

User must be a site admin.

  • To search for Space Groups, allowing insight into group membership, and allowing user to select group for rename or deletion.

Search Groups by partial query

Permission to access the Confluence site ('Can use' global permission).

  • To view the group members of a selected space group

  • Used during Add/Remove group membership operations if a group has been selected to add/remove all members of a group into the selected space group.

Get Group Members

Permission to access the Confluence site ('Can use' global permission).

  • To retrieve a selected space group

Get Group

User must be a site admin.

  • To create a new space group

  • Used to create new space group during the ‘Rename Group' feature

Create Group

User must be a site admin.

  • To delete a selected space group

  • Used to delete the old space group during the ‘Delete Group’ feature

Delete Group

'View' permission for the space.

  • To retrieve the current space when accessing CSUMCloud through the SpaceSettings module.

Get Space

'View' permission for the space.

  • Used to copy over the Space Permissions to the renamed group during the ‘Rename Group’ feature.

Get Space Permissions

'Admin' permission for the space.

  • Used to copy over the Space Permissions to the renamed group during the ‘Rename Group’ feature.

Add Space Permission

User must be a site admin.

  • Used to add members to groups

Add User to Group

User must be a site admin.

  • Used to remove members from groups

Remove user from Group

Permission to access the Confluence site ('Can use' global permission). Only content that the user has permission to view will be returned.

  • Used to search for users during the Add/Remove user operations.

Search Users (Using CQL)