Which permissions do I need to use Risk Register?


Permissions Required

Adjust site-wide app settings

Jira Global Admin

Adjust project app settings

Administer Project

Create a risk

Create/edit Issues

View the risk register or matrix

Browse Project

Create a multi-project risk register

Browse Project

In addition, Risk Register for Jira Cloud (RR) requires these scopes: READ, WRITE, DELETE, ADMIN, ACT_AS_USER. We will address the justification of those scopes in reverse order:


RR accesses the following Jira REST end-point under the identity of the user:

RR uses the responses from that end-point to determine whether the user may navigate to the app’s administration pages, and which risk registers the user is permitted to view (determined by project permissions).


When the RR app is installed, it looks for an issue type called “risk”, and adopts that issue type as the marker of issues that represent risks. In order the retrieve the full set of issue types on the Jira Cloud instance, ADMIN privileges are required.


Maintain issue properties

RR maintains two issue entity properties relevant to risk assessments: "pbrr-assessment" and "pbrr-assessment-backup". RR also gets, sets, and deletes the "com.projectbalm.riskregister.riskregister-jira_add-risk-assessment" issue property as a means of controlling the visibility of the risk assessment issue content.

Maintain a project property

RR stores project-related settings in a project entity property called “pbrr-settings”

Issue and project searches

RR performs issue searches in order to retrieve issues that represent risks. It searches for projects in order to provide the user with a list of the projects that are defined as risk registers.