Access Control
Gantt Cloud does not have any custom access control mechanisms at the moment and it is relying on the built-in JIRA groups, roles and permissions system. Every request that add-on is making to the JIRA API to get issue or project's information is performed on behelf of the current, logged in user. Therefore, all restrictions that are in place for that user will be respected by the add-on.
In case if you need more complex access control in place, please note that so-called Add-on user is created once the Gantt Cloud is installed. Administrators can permission that add-on user in very similar ways to how they permission normal users. Every incoming request from a Gantt Cloud add-on (except from those made by logged-in users mentioned above) is assigned the user addon_eu.wisoft.gantt-ondemand and authorisation proceeds as normal from that point onwards, with the add-on user's permissions limiting what API features the incoming requests may target.
Dedicated add-on users are created automatically whenever you install new add-on on your JIRA instance. These users shall not be removed manually. As a system user, add-on user does not consume your JIRA licenses.
