Why Aren't Role-Restricted Comments Syncing in Jira Cloud?

General Questions
1

We have an Exalate connection from Jira Cloud to ServiceNow.

Comments made by users in a specific project role were not syncing to ServiceNow. The outgoing script has no filtering, and the Exalate app already has full comment permissions via the atlassian-addons-project-access role in the permission scheme.

Turns out, when a comment is posted with a per-comment visibility restriction (“Restrict to: [Role]”), it overrides the project permission scheme, and the Exalate app can’t see it unless it’s explicitly added to that role.

Has anyone else run into this? How are you handling role-restricted comments with Exalate on Jira Cloud?

3

The fix:

Add the Exalate proxy user to the restricted role via the Jira REST API using its account ID.

This post walks through how to identify the issue, find the Exalate account ID, and add it to the correct project role using cURL.

Step 1: List All Project Roles

First, find the role IDs for your project. Replace , <PROJECT_KEY>, , and <API_TOKEN> with your values.

curl -s -X GET \
  'https://<INSTANCE>.atlassian.net/rest/api/3/project/<PROJECT_KEY>/role' \
  -u '<EMAIL>:<API_TOKEN>' \
  -H 'Accept: application/json' | python3 -m json.tool

Note the role ID from the URL

Step 2: Find the Exalate Account ID

Query the atlassian-addons-project-access role to find Exalate’s account ID:

curl -s -X GET \
  'https://<INSTANCE>.atlassian.net/rest/api/3/project/<PROJECT_KEY>/role/<ADDONS_ROLE_ID>' \
  -u '<EMAIL>:<API_TOKEN>' \
  -H 'Accept: application/json' | python3 -m json.tool

Step 3: Add Exalate to the Restricted Role

curl -s -X POST \
  'https://<INSTANCE>.atlassian.net/rest/api/3/project/<PROJECT_KEY>/role/<TARGET_ROLE_ID>' \
  -u '<EMAIL>:<API_TOKEN>' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "user": ["<EXALATE_ACCOUNT_ID>"]
  }' | python3 -m json.tool

Example with real values:

curl -s -X POST \
  'https://myinstance.atlassian.net/rest/api/3/project/10004/role/10025' \
  -u 'admin@company.com:YOUR_API_TOKEN' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "user": ["557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec"]
  }' | python3 -m json.tool
Placeholder Description Example
Your Jira Cloud subdomain mycompany
<PROJECT_KEY> The project key CM
Jira admin email admin@company.com
<API_TOKEN> API token from id.atlassian.com ATATT3x…
<ADDONS_ROLE_ID> ID of atlassian-addons-project-access 10003
<TARGET_ROLE_ID> ID of the restricted role 10025
<EXALATE_ACCOUNT_ID> Exalate’s account ID from Step 2 557058:c020323a-…

Having full comment permissions in the permission scheme is not enough. If comments have per-comment visibility restrictions, the Exalate app must be a member of that specific project role to see and sync them. Since Jira Cloud doesn’t allow adding apps to roles through the UI, the REST API is the way to go.