Versions Compared

Old Version 17

changes.mady.by.user Björn Brynjar Jónsson

Saved on

compared with

New Version Current

changes.mady.by.user Björn Brynjar Jónsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

“Allow access” prompt before users open the app

When installing Smart Guess or when significant changes are made, users need to grant the solution the following access:

...

Image Removed

Info

New information - Atlassian has decided to “Remove the allow access” prompt

“We’re removing user consent and individual users will no longer have to allow access to use an app. Instead, we will be relying on administrators to give consent on behalf of the users on their sites.”, https://community.developer.atlassian.com/t/were-removing-the-allow-access-prompt-for-forge-apps/53035

This is expected to be in place before end of year 2022.

...

What permissions does Smart Guess require and why?

The following table describes the permissions Smart Guess requires and why they are needed:

Required permissions

Why is it needed?

Share

Exchange data with

domain

the following url:

  • api.smartguess.is

Smart Guess Realtime Engine shares key user actions with team

-

members taking part in the estimation

,

when it happens.

This is critical so that all team members can see who has joined, who has given an estimate, etc.

The Realtime Engine

, doesn’t

doesn't process or store

any

personal data, in line with the GDPR principle of

'purpose limitiation'

purpose limitation.’

Retrieve images used by the Atlassian libraries through the following urls:

These permissions prevent the app from reloading when retrieving images from these sources.

Smart Guess is using Atlassian Libraries that retrieve images from these sources. They provide automatically generated avatar images when user-provided images are missing, issue type images and so on.

View Jira issue data.

Allows Smart Guess to read the issue key

in order

to retrieve the current state of the planning session for the issue. Furthermore, retrieve the current story point value to show users if story points

needs

need saving.

View user profiles

Used

It is used to identify who has joined the planning session

,

and who has given an estimate and to retrieve

users name, profile picture

the user's name and profile pictures displayed to other users.

Notice that Smart Guess does not store any personal data. Only retrieves it on demand, in line with the GDPR principle of

'data

minimisation’

minimization.'

Create and manage issues.

Allows Smart Guess to:

  1. check if the story point field can be updated

  2. save the story point value selected

App storage scope

Allows Smart Guess to store

current state of

the planning session's current state for the

current

issue. In other words

;

, what users have joined and their estimates.

Notice that Smart Guess does not store any personal data. Only retrieves it on demand, in line with the GDPR principle of data

minimisation

minimization.

Write Jira User Property

Used to track if the current user has already seen

  1. user onboarding messages

  2. new release messages

So that these messages are only displayed once for each user.

Write Jira Field

Used to keep the following information up to date:

  • Estimated by - who has estimated the issue

  • T-shirt estimate

Why other apps on the marketplace do not require “Allow access”?

Jira Cloud apps that don’t ask users to “Allow access” are built using the older Atlassian Cloud framework, Atlassian Connect. With Connect the app servers and data are operated and stored by the app developer in the ‘Public Cloud.’ Atlassian is moving away from this setup and is working towards a more robust setup and Unifying Atlassian Connect and Forge. With the new Forge framework, Atlassian is:

giving customers confidence in app security with more control and visibility into which apps have access to what data

Furthermore, Atlassian staff explain that:

A large reason why we are building Forge is to address security, trust, and compliance requirements in our customer’s journey to the cloud., https://community.developer.atlassian.com/t/were-removing-the-allow-access-prompt-for-forge-apps/53035

New apps built on Forge fundamentally differ from ones built using the Atlassian Connect cloud development framework. With Forge, apps are built and run within the boundaries of Atlassian’s cloud platform, unlocking new benefits for developers and customers.

...

Platform compliance

Forge lets developers keep customer data hosted in the Atlassian cloud, making it easier to comply with GDPR and other regulatory requirements. Atlassian is working towards SOC2 certification for Forge and making Forge meet the needs of customers’ data residency requirements in the future.

...

More information about this here https://www.atlassian.com/blog/announcements/forge-launch

So why do other apps on the marketplace not require “Allow access”?

Other apps built using Atlassian Connect store customer data on their servers in the ‘public cloud.' Even so, users of these apps are not informed about this in the same way as users of apps build on Atlassian Forge are:

“share data with 1 domain outside of Atlassian”

Furthermore, individual users don’t have to accept sharing data with domains outside of Atlassian, even though most, if not all Atlassian Connect apps do.

...

Manage Jira Configuration

Allows users to save Story Point estimates without having to edit Jira configuration for every project your teams are using. Without this permission Jira Admins had to associate Story Point field to the appropriate screen for every project.