Permissions

Access Control

ScriptForge access is restricted to Jira Administrators by default. Only members of the jira-admins group can access the ScriptForge admin panel and manage configurations.

Who Can Do What

| Action | Requirement |
| --- | --- |
| Install/uninstall ScriptForge | Site Administrator |
| Access the admin panel | Jira Administrator |
| Create/edit listeners, jobs, rules | Jira Administrator |
| Create/edit behaviours | Jira Administrator |
| Run scripts in the console | Jira Administrator |
| See scripted field values on issues | Any user with issue access |
| Be affected by behaviours on forms | Any user (behaviours apply to all users) |
| Click fragment buttons/see panels | Users with access to the issue/project |

Script Execution Context

Scripts can run in two contexts:

Run As App (Default)

The script executes using the Forge app's service account. It has broad permissions across all projects — it can read/write any issue, transition workflows, and access all users. This is the standard mode for listeners and scheduled jobs.

Run As User

The script executes with the permissions of the user who triggered the event. If a user creates an issue and a listener runs "as user", that script can only do what that specific user has permission to do. This is useful for permission-aware automation.

Important: Most HAPI methods use the app context by default. If a script needs user-level permissions, configure the listener/job with runAs: 'user'.
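
The difference between the two contexts, as an added example that is not ScriptForge code or part of the original documentation: a small offline model in which the same listener script runs as the app and as the triggering user, plus a variant that checks the user's permission itself before acting as the app. The permission table, the `runListener` and `canEdit` helpers, the `jira.editIssue` stub, the account name and the `'app'` value for `runAs` are all hypothetical.

```javascript
// Constructed model: none of these names are ScriptForge's or Jira's API.
const projectPermissions = {            // project key -> users allowed to edit
  HR: new Set(['alice']),
  DEV: new Set(['alice', 'bob']),
};
const APP_ACCOUNT = 'scriptforge-app';  // stand-in for the app's service account

function canEdit(actor, issueKey) {
  if (actor === APP_ACCOUNT) return true;           // app context: all projects
  const project = issueKey.split('-')[0];
  return projectPermissions[project]?.has(actor) ?? false;
}

// Runs a listener script for one event; the acting identity comes from runAs.
function runListener(listener, event) {
  const actor = listener.runAs === 'user' ? event.user : APP_ACCOUNT;
  const log = [];                                   // every attempted write
  const jira = {
    editIssue(issueKey, fields) {
      const allowed = canEdit(actor, issueKey);
      log.push({ actor, issueKey, allowed });
      if (!allowed) throw new Error(`${actor} may not edit ${issueKey}`);
    },
  };
  try {
    listener.script(event, jira);
    return { ok: true, log };
  } catch (err) {
    return { ok: false, error: err.message, log };
  }
}

// Listener script: when an issue is updated, label its linked issue.
const stampLinked = (event, jira) =>
  jira.editIssue(event.linkedIssue, { labels: ['touched-by-' + event.user] });

// Same script, but it checks the triggering user before writing as the app.
const stampLinkedGuarded = (event, jira) => {
  if (!canEdit(event.user, event.linkedIssue)) return;  // user lacks access: skip
  jira.editIssue(event.linkedIssue, { labels: ['touched-by-' + event.user] });
};

// Constructed event: bob (no HR access) updates DEV-1, which links to HR-7.
const event = { user: 'bob', issue: 'DEV-1', linkedIssue: 'HR-7' };
const asApp = runListener({ runAs: 'app', script: stampLinked }, event);
const asUser = runListener({ runAs: 'user', script: stampLinked }, event);
const guarded = runListener({ runAs: 'app', script: stampLinkedGuarded }, event);
console.log({ asApp, asUser, guarded });
```

In the model, the app-context run writes to HR-7 on behalf of a user who cannot edit it, the user-context run is denied, and the guarded script performs no write at all.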

Behaviour Permissions

Behaviours (UI Modifications) apply to all users who open the affected issue form. There is no per-user permission model for behaviours — if a behaviour is configured for a project and issue type, every user sees the modified form.

Fragment Permissions

Fragments (web items, web panels) are visible to all users who have access to the issue or project where the fragment is displayed. Visibility cannot be restricted to specific user groups through ScriptForge's configuration — use Jira's native project permissions to control access.