Which permissions do I need to use Risk Register?

This page applies to Risk Register for Jira Cloud

Function	Permissions Required

Function	Permissions Required
Adjust site-wide app settings	Jira Global Admin
Adjust project app settings	Administer Project
Create a risk	Create/edit Issues
View the risk register or matrix	Browse Project
Create a multi-project risk register	Browse Project

In addition, Risk Register for Jira Cloud (RR) requires these scopes: READ, WRITE, DELETE, ADMIN, ACT_AS_USER. We will address the justification of those scopes in reverse order:

ACT_AS_USER

RR accesses the following Jira REST end-point under the identity of the user:

GET /rest/api/2/mypermissions
Returns a list of permissions indicating which permissions the user has

RR uses the responses from that end-point to determine whether the user may navigate to the app’s administration pages, and which risk registers the user is permitted to view (determined by project permissions).

ADMIN

When the RR app is installed, it looks for an issue type called “risk”, and adopts that issue type as the marker of issues that represent risks. In order the retrieve the full set of issue types on the Jira Cloud instance, ADMIN privileges are required.

GET /rest/api/2/issuetype

READ/WRITE/DELETE

Maintain issue properties

RR maintains two issue entity properties relevant to risk assessments: "pbrr-assessment" and "pbrr-assessment-backup". RR also gets, sets, and deletes the "com.projectbalm.riskregister.riskregister-jira_add-risk-assessment" issue property as a means of controlling the visibility of the risk assessment issue content.

Maintain a project property

RR stores project-related settings in a project entity property called “pbrr-settings”

Issue and project searches

RR performs issue searches in order to retrieve issues that represent risks. It searches for projects in order to provide the user with a list of the projects that are defined as risk registers.