Grant "Browse Users" permission to add-ons requesting READ scope
Currently, add-ons don't automatically get the global "Browse Users" permission, which is needed to get data from:
Has this been fixed? Our addon's backend can now search users using just JWT token (before all the user searches returned an empty list). Has anything changed in your end?
Not sure why an add-on with the following scope: "Read data from the host application" wouldn't be able to browse users.
I imagine most of our users expect that the add-on can read JIRA user data having granted that scope.
We're impacted by this issue as well.
We'd be fine with a new scope – BROWSE_USERS – to request to get access to these user search APIs.
This accounts for the vast majority of my support requests for Cloud right now. It is super confusing for the users when someone else updates permissions for the space and all add-ons stop working.
This is literally the perfect of example of if Atlassian were building commercial or supported Cloud add-ons (dogfooding) for JIRA and Confluence .... this would be implemented. Hipchat add-on devs won't run into issues like this because Atlassian is dogfooding Hipchat AC for add-ons they support.
We have the same problem with /rest/api/2/user/permission/search. Please increase the priority!