When do users need to 'Allow access?'
When installing Smart Guess for the first time or when significant changes are made, users need to approve the app's access to key information so that the app will work, as seen below:
The required permissions are listed below under the heading "What permissions does Smart Guess require and why?"
Why do users need to "Allow access" before opening the app?
Smart Guess is built using the Atlassian latest Development platform, Forge. Quoting Daniel, Engineering Manager on the Atlassian Forge Platform:
A large reason why we are building Forge is to address security, trust, and compliance requirements in our customer’s journey to the cloud.
We needed more granular permissions and ultimately we wanted to provide more control to our customers.
So that's the reason users of Forge apps need to “Allow access” while users on apps built using the older Connect platform don't.
Why is Atlassian now planning on removing the "Allow access" prompt?
Again quoting Daniel on the same post:
We’ve seen quite a lot of feedback in relation to the “allow access” button shown for Forge apps. Some developers are asking for us to give controls to administrators to turn that off, some want it gone completely.
We understand the risk this has for users onboarding to your apps. It’s a point of friction. We’ve experienced this friction internally with our own apps!
We’re removing user consent and individual users will no longer have to allow access to use an app. Instead, we will be relying on administrators to give consent on behalf of the users on their sites
This is expected to be in place in early 2023.
What permissions does Smart Guess require and why?
The following table describes the permissions Smart Guess requires and why they are needed:
Required permissions | Why is it needed? |
Share data with domain: api.smartguess.is | Smart Guess Realtime Engine shares key user actions with team members taking part in the estimation when it happens. This is critical so that all team members can see who has joined, who has given an estimate, etc. The Realtime Engine doesn't process or store personal data, in line with the GDPR principle of ‘purpose limitation.’ |
View Jira issue data. | Allows Smart Guess to read the issue key to retrieve the current state of the planning session for the issue. Furthermore, retrieve the current story point value to show users if story points need saving. |
View user profiles | It is used to identify who has joined the planning session and who has given an estimate and to retrieve the user's name and profile pictures displayed to other users. Notice that Smart Guess does not store any personal data. Only retrieves it on demand, in line with the GDPR principle of 'data minimization.' |
Create and manage issues. | Allows Smart Guess to:
|
App storage scope | Allows Smart Guess to store the planning session's current state for the issue. In other words, what users have joined and their estimates. Notice that Smart Guess does not store any personal data. Only retrieves it on demand, in line with the GDPR principle of data minimization. |
Write Jira User Property | Used to track if the current user has already seen
So that these messages are only displayed once for each user. |
Write Jira Field | Used to keep the following information up to date:
|
Manage Jira Project | Allows users to save Story Point estimates without having to edit Jira configuration for every project your teams are using. Without this permission Jira Admins had to associate Story Point field to the appropriate screen for every project. |
Why don't other apps on the marketplace need users to 'Allow access'?
Jira Cloud apps that don't ask users to “Allow access” are built using the older Atlassian Cloud framework, Atlassian Connect. With Connect, the app servers and data are operated and stored by the app developer in the 'Public Cloud.' Atlassian is moving away from this setup and is building a new world-class app ecosystem called Atlassian Forge. Forge offers a more robust setup where all customer data is stored and operated by Atlassian, unlike all current Connect apps. Atlassian is working towards Unifying Atlassian Connect and Forge, focusing on:
Furthermore, Atlassian staff explains that:
A large reason why we are building Forge is to address security, trust, and compliance requirements in our customer’s journey to the cloud., https://community.developer.atlassian.com/t/were-removing-the-allow-access-prompt-for-forge-apps/53035
Smart Guess was one of the first apps released on the new Atlassian Forge platform in May 2021, built on solid security foundations from the ground up. Apps built on Forge fundamentally differ from ones made using the Atlassian Connect cloud development framework. With Forge, apps are built and run within the boundaries of Atlassian's cloud platform, unlocking new benefits for developers and customers.
Platform compliance
Forge lets developers keep customer data hosted in the Atlassian cloud, making it easier to comply with GDPR and other regulatory requirements. Atlassian is working towards SOC2 certification for Forge and making Forge meet customers' data residency requirements in the future.
More information about this here https://www.atlassian.com/blog/announcements/forge-launch
So why do other apps on the marketplace not require "Allow access"?
Other apps built using Atlassian Connect store customer data on their servers in the 'public cloud.' Even so, users of these apps are not informed about this in the same way as users of apps built on Atlassian Forge are:
“share data with 1 domain outside of Atlassian”
Furthermore, individual users don't have to accept sharing data with domains outside of Atlassian, even though most, if not all, Atlassian Connect apps do.
The good thing is Atlassian is strengthening the security profile of all apps and will eventually unify Atlassian Connect and Forge apps and have them comply with the same strict security policies.