Gantt Cloud does not have any custom access control mechanisms at the moment and it is relying on the built-in JIRA groups, roles and permissions system. However, please be aware that every Every request that add-on is making to the JIRA API isn't to get issue or project's information is performed on behelf of the current, logged in user but . Therefore, all restrictions that are in place for that user will be respected by the add-on.
In case if you need more complex access control in place, please note that so-called Add-on user is created once the Gantt Cloud is installed. Administrators can permission that add-on user in very similar ways to how they permission normal users. Every incoming request from a Gantt Cloud add-on (except from those made by logged-in users mentioned above) is assigned the user addon_eu.wisoft.gantt-ondemand and authorisation proceeds as normal from that point onwards, with the add-on user's permissions limiting what API features the incoming requests may target.
...