OAuth のスコープおよびエンドポイント
Jira に必要なスコープおよびエンドポイントドメイン
Jira と連携する場合、アプリケーションはAPI とやりとりするために特定の権限が必要です。これらの権限はアクセススコープによって定義され、アプリケーションがアクセス可能なデータと実行可能なアクションを決定します。
このトピックでは、Jira プロバイダーに必要なアクセススコープとエンドポイントドメインについての情報を提供します。
スコープについて
スコープは、ユーザーのデータへのアプリケーションによるアクセスを制限するための手段です。これは、アプリケーションがユーザーに代わって実行できる特定のアクションを定義します。
例えば、読み取り専用スコープではアプリケーションにデータの閲覧を許可し、フルアクセススコープではデータの変更を許可することができます。
Jira に必要なスコープ
Scopes can be controlled using the Scope connection property.
Jira has two types of scopes: Classic and Granular. Jira recommends Classic scopes when available.
| Scope | Type | Description |
| read:jira-user | Classic | View user information in Jira that the user has access to, including usernames, email addresses, and avatars. Required for read and write access. |
| read:jira-work | Classic | Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs. Required for read and write access. |
| write:jira-work | Classic | Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues. Required for write access. |
| manage:jira-project | Classic | Create and edit project settings and create new project-level objects (for example, versions and components). Required for write access. |
| manage:jira-configuration | Classic | Take Jira administration actions (for example, create projects and custom fields, view workflows, and manage issue link types). Required for write access. |
| read:application-role:jira | Granular | View application roles. Required for read and write access. |
| read:audit-log:jira | Granular | View audit logs. Required for read and write access. |
| read:dashboard:jira | Granular | View dashboards. Required for read and write access. |
| read:filter:jira | Granular | View filters. Required for read and write access. |
| read:filter.column:jira | Granular | View filter columns. Required for read and write access. |
| read:group:jira | Granular | View user groups. Required for read and write access. |
| read:issue:jira | Granular | View issues. Required for read and write access. |
| write:issue:jira | Granular | Create and update issues. Required for write access. |
| delete:issue:jira | Granular | Delete issues. Required for write access. |
| read:issue-meta:jira | Granular | View issue meta. Required for read and write access. |
| read:attachment:jira | Granular | View issue attachments. Required for read and write access. |
| write:attachment:jira | Granular | Create and update issue attachments. Required for write access. |
| delete:attachment:jira | Granular | Delete issue attachments. Required for write access. |
| read:comment:jira | Granular | View issue comments. Required for read and write access. |
| write:comment:jira | Granular | Create and update issue comments. Required for write access. |
| delete:comment:jira | Granular | Delete issue comments. Required for write access. |
| read:comment.property:jira | Granular | View issue comment properties. Required for read and write access. |
| write:comment.property:jira | Granular | Create and update issue comment properties. Required for write access. |
| delete:comment.property:jira | Granular | Delete issue comment properties. Required for write access. |
| read:field:jira | Granular | View fields. Required for read and write access. |
| write:field:jira | Granular | Create and update fields. Required for write access. |
| read:field.option:jira | Granular | View field options. Required for read and write access. |
| read:field.options:jira | Granular | Read field options. Required for read and write access. |
| read:custom-field-contextual-configuration:jira | Granular | Read custom field contextual configurations. Required for read and write access. |
| write:custom-field-contextual-configuration:jira | Granular | Save custom field contextual configurations. Required for write access. |
| read:field-configuration:jira | Granular | Read field configurations. Required for read and write access. |
| write:field-configuration:jira | Granular | Save field configurations. Required for write access. |
| read:issue-link:jira | Granular | View issue links. Required for read and write access. |
| read:issue-link-type:jira | Granular | View issue link types. Required for read and write access. |
| read:issue.property:jira | Granular | View issue properties. Required for read and write access. |
| read:priority:jira | Granular | View priorities. Required for read and write access. |
| read:resolution:jira | Granular | View resolutions. Required for read and write access. |
| read:issue-details:jira | Granular | View issue details. Required for read and write access. |
| read:issue-security-scheme:jira | Granular | View issue security schemes. Required for read and write access. |
| read:issue-type:jira | Granular | View issue types. Required for read and write access. |
| read:issue-type-scheme:jira | Granular | View issue type schemes. Required for read and write access. |
| read:issue-type.property:jira | Granular | View issue type properties. Required for read and write access. |
| read:issue.watcher:jira | Granular | View issue watchers. Required for read and write access. |
| read:issue-worklog:jira | Granular | View issue worklogs. Required for read and write access. |
| read:issue-field-values:jira | Granular | View issue field values. Required for read and write access. |
| read:issue-security-level:jira | Granular | View issue security levels. Required for read and write access. |
| read:issue-status:jira | Granular | View issue statuses. Required for read and write access. |
| read:issue.changelog:jira | Granular | View issue changelogs. Required for read and write access. |
| read:issue.transition:jira | Granular | View issue transitions. Required for read and write access. |
| delete:issue-type:jira | Granular | Delete issue types. Required for write access. |
| write:issue-type:jira | Granular | Create and update issue types. Required for write access. |
| read:user:jira | Granular | View users. Required for read and write access. |
| read:user.columns:jira | Granular | View user columns. Required for read and write access. |
| read:project:jira | Granular | View projects. Required for read and write access. |
| write:project:jira | Granular | Create and update projects. Required for write access. |
| delete:project:jira | Granular | Delete projects and their details, such as issue types, project lead, and avatars. Required for write access. |
| read:project-category:jira | Granular | View project categories. Required for read and write access. |
| read:project.component:jira | Granular | View project components. Required for read and write access. |
| write:project.component:jira | Granular | Create and update project components. Required for write access. |
| delete:project.component:jira | Granular | Delete project components. Required for write access. |
| read:project.property:jira | Granular | View project properties. Required for read and write access. |
| write:project.property:jira | Granular | Create and update project properties. Required for write access. |
| delete:project.property:jira | Granular | Delete project properties. Required for write access. |
| read:project-role:jira | Granular | View project roles. Required for read and write access. |
| write:project-role:jira | Granular | Create and update project roles. Required for write access. |
| delete:project-role:jira | Granular | Delete project roles. Required for write access. |
| read:project-version:jira | Granular | View project versions. Required for read and write access. |
| write:project-version:jira | Granular | Create and update project versions. Required for write access. |
| delete:project-version:jira | Granular | Delete project versions. Required for write access. |
| read:issue.time-tracking:jira | Granular | View issue time tracking. Required for read and write access. |
| write:issue.time-tracking:jira | Granular | Create and update issue time tracking. Required for write access. |
| read:user.property:jira | Granular | View user properties. Required for read and write access. |
| write:user.property:jira | Granular | Create and update user properties. Required for write access. |
| delete:user.property:jira | Granular | Delete user properties. Required for write access. |
| read:workflow:jira | Granular | View workflows. Required for read and write access. |
| read:workflow-scheme:jira | Granular | View workflow schemes. Required for read and write access. |
| read:status:jira | Granular | View statuses. Required for read and write access. |
| read:workflow.property:jira | Granular | View workflow properties. Required for read and write access. |
| read:project-type:jira | Granular | View project types. Required for read and write access. |
| read:project.email:jira | Granular | View project emails. Required for read and write access. |
| write:project.email:jira | Granular | Create and update project emails. Required for write access. |
| read:role:jira | Granular | View roles. Required for read and write access. |
| read:user-configuration:jira | Granular | View user configurations. Required for read and write access. |
| write:user-configuration:jira | Granular | Create and update user configurations. Required for write access. |
| delete:user-configuration:jira | Granular | Delete user configurations. Required for write access. |
| read:jql:jira | Granular | View JQL. Required for read and write access. |
| validate:jql:jira | Granular | Validate JQL. Required for read and write access. |
エンドポイントドメインについて
エンドポイントドメインとは、アプリケーションが認証、レコードの取得、その他の重要な操作を実行するために通信する必要がある特定のURL を指します。
これらのドメインを許可することで、アプリケーションとAPI 間のネットワークトラフィックがファイアウォールやセキュリティ設定によってブロックされることがなくなります。
Note: ほとんどのユーザーは特別な設定をする必要はありません。許可リストは通常、送信ネットワークトラフィックの制限など、厳格なセキュリティ対策が施された環境でのみ必要となります。
Jira に必要なエンドポイントドメイン
| Domain | Always Required | Description |
| <URL> | TRUE | The URL of your Jira instance. |
| api.atlassian.com | FALSE | The base URL of the Jira API. Required when AuthScheme is set to OAuth. |
| <SSOLoginURL> | FALSE | The URL of your SSO provider. Required when AuthScheme is set to OKTA or CROWD. |
| <SSOExchangeURL> | FALSE | Your SSO Exchange URL. Required when AuthScheme is set to OKTA or CROWD. |