Breadcrumbs

Required permissions for Togetha Feedback in Jira

Togetha Feedback in Jira requests the following permissions when you install it. Each scope is justified below.

Forge scopes

Scope

Why we need it

storage:app

Persisting forms, fields, mappings, and submissions in the app's managed Forge SQL database. No data leaves Atlassian Cloud.

read:jira-work

Reading the Jira space list and work item type / field metadata when configuring form mappings, and resolving linked work items shown in the submissions list.

write:jira-work

Creating Jira work items from accepted submissions when the form is mapped to a Jira space.

read:jira-user

Resolving the current user (display name) and looking up Jira groups for the Admin Group picker.

manage:jira-configuration

Listing custom fields available on issue types so the field-mapping table can offer them.

These scopes are fixed in the app's manifest and apply to every install.

Jira-admin vs Feedback-admin

Two admin tiers are recognised:

  • Jira site administrators always have admin access to Togetha Feedback, irrespective of any group configuration. This guarantees that even a misconfigured Admin Group can be recovered.

  • Feedback admins, any user who is a member of one of the Jira groups configured in the Admin Groups setting (see Initial configuration).

Non-admin users only see what's explicitly available to them: the Submit tab on the Feedback page and any forms whose visibility includes their groups.

Group-restricted forms

A form can be restricted to specific Jira groups. When restricted:

  • The form does not appear in the Submit tab's form list for users outside the configured groups.

  • Direct submission attempts (e.g. via a saved deep link) are refused server-side. Group membership is checked at submit time, not just at list time.

  • Group membership for the current user is read at request time using read:jira-user.

Anonymous submissions

When a form is flagged as Allow anonymous submissions:

  • The submitter's accountId is not stored against the submission.

  • Admins reviewing the submission see no link to the submitter.

  • The submission timestamp and field values are stored normally, only the identity attribution is suppressed.

Anonymous mode does not change network or storage behaviour: submissions still travel through Atlassian's servers and are stored in the Forge SQL database.