Our Jira Cloud versions require the following Atlassian Connect Permissions (Scopes): Read, Write, Delete and Project Administration. Project Administration is needed for the creation and updating of Versions.
As our products are delivered as a static, client-side add-on, the requests to read, create or update Jira data are made by the account of the person using the add-on. When you install the add-on, you will see a new user added automatically to the Jira Software projects (e.g. Easy Agile User Story Maps for Jira (addon_com.kretar.Jira.plugin.user-story-map)) under the role 'atlassian-addons-project-access'.
At Easy Agile, we follow Atlassian's stringent guidelines for security, including:
Build, test, and deployment automation means Easy Agile team members do not require or have access to production infrastructure.
Infrastructure is defined in code (Amazon Web Services CloudFormation templates), enabling us to test changes in test and staging environments before rolling those changes out to production environments.
We leverage a Cloud identity provider and a Cloud access management platform, and enforce a strict password policy for team members. All privileged-level infrastructure and service provider access requires hardware 2FA tokens.