Permissions

Access Control

ScriptForge access is restricted to Jira Administrators by default. Only users with the jira-admins group membership can access the ScriptForge admin panel and manage configurations.

Who Can Do What

Action Requirement
Install/uninstall ScriptForge Site Administrator
Access the admin panel Jira Administrator
Create/edit event handlers, events, rules Jira Administrator
Create/edit field behaviours Jira Administrator
Run scripts in the console Jira Administrator
See smart field values on issues Any user with issue access
Be affected by field behaviours on forms Any user (field behaviours apply to all users)
Click fragment buttons/see panels Users with access to the issue/project

Script Execution Context

Scripts can run in two contexts:

Run As App (Default)

The script executes using the Forge app's service account. It has broad permissions across all projects - it can read/write any issue, transition workflows, and access all users. This is the standard mode for event handlers and scheduled events.

Run As User

The script executes with the permissions of the user who triggered the event. If a user creates an issue and an event handler runs "as user", that script can only do what that specific user has permission to do. This is useful for permission-aware automation.

Important: Most Canarys HAPI methods use the app context by default. If a script needs user-level permissions, configure the event handler/job with runAs: 'user'.

Field Behaviour Permissions

Field Behaviours (UI Modifications) apply to all users who open the affected issue form. There is no per-user permission model for field behaviours - if a field behaviour is configured for a project and issue type, every user sees the modified form.

Fragment Permissions

Fragments (web items, web panels) are visible to all users who have access to the issue or project where the fragment is displayed. Visibility cannot be restricted to specific user groups through ScriptForge's configuration - use Jira's native project permissions to control access.