Permissions
Access Control
ScriptForge access is restricted to Jira Administrators by default. Only users with the jira-admins group membership can access the ScriptForge admin panel and manage configurations.
Who Can Do What
| Action | Requirement |
|---|---|
| Install/uninstall ScriptForge | Site Administrator |
| Access the admin panel | Jira Administrator |
| Create/edit event handlers, events, rules | Jira Administrator |
| Create/edit field behaviours | Jira Administrator |
| Run scripts in the console | Jira Administrator |
| See smart field values on issues | Any user with issue access |
| Be affected by field behaviours on forms | Any user (field behaviours apply to all users) |
| Click fragment buttons/see panels | Users with access to the issue/project |
Script Execution Context
Scripts can run in two contexts:
Run As App (Default)
The script executes using the Forge app's service account. It has broad permissions across all projects - it can read/write any issue, transition workflows, and access all users. This is the standard mode for event handlers and scheduled events.
Run As User
The script executes with the permissions of the user who triggered the event. If a user creates an issue and an event handler runs "as user", that script can only do what that specific user has permission to do. This is useful for permission-aware automation.
Important: Most Canarys HAPI methods use the app context by default. If a script needs user-level permissions, configure the event handler/job with
runAs: 'user'.
Field Behaviour Permissions
Field Behaviours (UI Modifications) apply to all users who open the affected issue form. There is no per-user permission model for field behaviours - if a field behaviour is configured for a project and issue type, every user sees the modified form.
Fragment Permissions
Fragments (web items, web panels) are visible to all users who have access to the issue or project where the fragment is displayed. Visibility cannot be restricted to specific user groups through ScriptForge's configuration - use Jira's native project permissions to control access.