Which permissions do I need to use Risk Register?
Adjust site-wide app settings
Jira Global Admin
Adjust project app settings
Create a risk
View the risk register or matrix
Create a multi-project risk register
In addition, Risk Register for Jira Cloud (RR) requires these scopes: READ, WRITE, DELETE, ADMIN, ACT_AS_USER. We will address the justification of those scopes in reverse order:
RR accesses the following Jira REST end-point under the identity of the user:
Returns a list of permissions indicating which permissions the user has
RR uses the responses from that end-point to determine whether the user may navigate to the app’s administration pages, and which risk registers the user is permitted to view (determined by project permissions).
When the RR app is installed, it looks for an issue type called “risk”, and adopts that issue type as the marker of issues that represent risks. In order the retrieve the full set of issue types on the Jira Cloud instance, ADMIN privileges are required.
Maintain issue properties
RR maintains two issue entity properties relevant to risk assessments: "pbrr-assessment" and "pbrr-assessment-backup". RR also gets, sets, and deletes the "com.projectbalm.riskregister.riskregister-jira_add-risk-assessment" issue property as a means of controlling the visibility of the risk assessment issue content.
Maintain a project property
RR stores project-related settings in a project entity property called “pbrr-settings”
Issue and project searches
RR performs issue searches in order to retrieve issues that represent risks. It searches for projects in order to provide the user with a list of the projects that are defined as risk registers.