Bulk Clone Proffessional for Cloud Migration Plan

 

 

 

Migration Support to move to Bulk Clone Professional for Cloud

  • Q1. Pre-Migration Requirements to
    move to Bulk Clone Professional for Cloud – are there any specific steps or configurations we need to perform before initiating the migration?
  • A1. It is useful to go through the Jira Cloud migration assistant. Apart from that, Bulk Clone Professional for DataCenter does not store any meta data that needs to be carried over. You just install the Bulk Clone Professional Cloud APP and start importing the Jira projects you want to carry over from Jira Data Center, the same is true if you are moving directly to cloud without prior usage of Bulk Clone
  • Q2. Post-Migration Actions – what actions are required after the migration to ensure Bulk Clone Professional function correctly in the Cloud environment?
  • A2. No actions specific actions required.
  • Q3. Feature Compatibility with Bulk Clone Professional for Data Center – are there any known limitations or differences in Bulk Clone Professional functionality between Jira Data Center and Jira Cloud to be aware of?
  • A3. There are minor features from our Data Center APP that
    we are iteratively adding to our cloud solution. In some aspects
    the cloud solution has other unique features that our data center app does not have, for instance full log monitoring and status for each cloning operation You need to rely on Jira’s built in Project Export/Import between the 2 products as we are not supporting export/import of metadata from projects only project data related to issues

 

 

The Table below will give you a full insight to specifics of our Bulk Clone Professional for Cloud solution

Customer Queries

Explanations

Answers from us

Extensibility App Name

The App’s display name

Bulk Clone Professional
for Cloud

Extensibility App Description

Detailed
App Description

https://marketplace.atlassian.com/apps/1213028/bulk-clone-professional-for-jira?hosting=cloud&tab=overview

Is 1st party App

Is the App
provided by Atlassian as the official add-ons in the Atlassian Marketplace?
YES / NO

 

Yes

3rd party

providing App

The
supplier of the custom App

LB Consulting Group AB

URL of vendor website

Please
provide URL

https://www.lbconsultinggroup.org/products/jira/

URL of application info page

Please provide URL

https://www.lbconsultinggroup.org/bulk-clone-cloud-solution/

URL of Privacy Policy

Please provide URL

https://www.lbconsultinggroup.org/lb-consulting-group-privacy-policy/

URL of Terms of Use

Please provide URL

https://www.lbconsultinggroup.org/service-end-user-agreement-levels/

APP
Extensibility Type

Type of Extensibility in that App

Which type of extensibility does this Atlassian app use
(Write all those that apply):

  • Forge-based app – Runs in Atlassian’s cloud (serverless, sandboxed)
    and extends Jira/Confluence through Atlassian-hosted functions and UI
    modules.
  • Connect-based app – Hosted by the vendor, integrates with Atlassian
    Cloud via REST APIs, webhooks, and injected UI components (e.g., issue
    panels, Confluence macros).
  • Webhooks – Sends or receives event notifications between
    Atlassian products and external services (e.g., issue updates, page changes).
  • Custom UI Modules – Adds new fields, dashboard gadgets, macros, or
    panels inside Jira/Confluence.
  • Automation or API Integration – Uses Jira Automation rules or Atlassian APIs (REST/GraphQL) to trigger workflows or exchange data with other
    systems.
  • Other (please
    specify):

Forged Based APP

Authentication

Does the app connect to any external service or API (outside
Atlassian Cloud)?

YES / NO

If yes, list the external services.

No

Which type of authentication does the app use for its
connections (to Atlassian and/or external services)?
  • Forge-managed authentication (runs
    in Atlassian, no external credentials)
  • JWT (JSON Web Token) for Atlassian
    Connect apps
  • OAuth 2.0 (for external API
    integrations)
  • Basic API tokens
  • Other (please specify)

Forged Managed authentication
(Runs in Atlassian)

Does the app use a secure channel (HTTPS/TLS) for all external
connections?

YES / NO

Yes

Permissions

Which
specific permissions (scopes) does the app request to act on behalf of the
user or the organization?
  • List all requested scopes (e.g., read:jira-work, write:confluence-space, manage:webhook).
  • Are these permissions read-only,
    write, or admin-level?
  • Are all requested permissions
    necessary for the app’s stated function? (Yes/No)
  • Can permissions be limited per user/group
    (granular access), or are they organization-wide?
  • read:jira-work:
  • allowImpersonation: true
  • write:jira-work:
  • allowImpersonation: false
  • read:jira-user:
  • allowImpersonation: false
  • read:issue:jira-software:
  • allowImpersonation: true
  • write:issue:jira-software:
  • allowImpersonation: false
  • write:epic:jira-software:
  • allowImpersonation: false
  • read:epic:jira-software:
  • allowImpersonation: true
  • write:remote-link:jira-software:
  • allowImpersonation: false
  • read:remote-link:jira-software:
  • allowImpersonation: false
  • storage:app:
  • allowImpersonation: false
  • manage:jira-configuration:
  • allowImpersonation: false
  • manage:jira-project:
  • allowImpersonation: false
  • The permissions are WRITE and ADMIN
  • Yes. Admin is unfortunately needed for some of the rest api calls but we are continuously keeping an eye on this so that we don’t need it
  • It is restricted to only the users of bulk-clone-pro-users
    group or users that have BULK_CHANGE permission.

Content/Data

Does
the app interact with any external service to store, transfer, or process
sensitive data (e.g., PII, intellectual property, or other confidential
data)?

Yes / No

If yes, please specify the external service(s)

 

No

Is
the external service listed as an approved external collaboration service by
OIT?

Yes / No / Not applicable

N/A

Security & Compliance

Assessment
of Atlassian Plugin Application security

https://www.atlassian.com/trust

Runs on Atlassian” trust signal
earned: https://developer.atlassian.com/platform/marketplace/runs-on-atlassian/

Atlassian
Cloud Application security assessment of SaaS Service

Applicable if SaaS service currently not approved. Application must adhere to a company
specific security and compliance requirements

N/A

APP
must use least privilege Security Principles

Review Security, principle of least privilege,
requesting only the minimum permissions required to function

Yes, we always review the scopes and
changes in the API to reduce the amount of
permissions needed for the app to run correctly.

APP
Data Handling

How the app accesses, handles and stored data:

· What types of data does the app collect, process, or
store? (e.g., user data, PII, intellectual property)

· How does the app handle sensitive data?

· Is data encrypted at rest and in transit?

· What are the data retention and deletion policies?

 

  • The APP does not collect or store any metadata

 

 

  • It does not store any sensitive data
  • No data is encrypted, not applicable

 

  • Since no data is collected or stored this is N/A

Data
Sharing and Transfer

Does the app transfer or share data with any third
party outside of Atlassian Cloud or your approved SaaS providers?

If yes, please specify the third-party services
involved and their compliance status.

No

 

 

 

 

 

N/A

Permissions
and Access

Which granular permissions (OAuth scopes) does the app
request to act on behalf of users or the organization?

Are these permissions read-only, write, or admin-level?

Does the app support restricting permissions by user or
group (least privilege)?
  • read:jira-work:
  • write:jira-work:
  • read:jira-user:
  • read:issue:jira-software:
  • write:issue:jira-software:
  • write:epic:jira-software:
  • read:epic:jira-software:
  • write:remote-link:jira-software:
  • read:remote-link:jira-software:
  • storage:app:
  • manage:jira-configuration:
  • manage:jira-project:
  • The permissions are read, write and
    admin.
  • Yes, bulk-clone-pro users group and users with Jira’s native BULK_CHANGE
    permission.

Bot
and Automation Access

If the app uses bots or automation (e.g., Jira
Automation, webhooks), what data can these bots
access or modify?

Are bot activities logged and auditable?

 

 

No bot is used or Access to Jira Automation
needed.

 

 

N/A

 

Application
– Audit and Monitoring

Does the app generate detailed audit logs of user and
app activity?

Can audit logs be exported or integrated with your SIEM
or monitoring tools?
  • Only on relevant events like errors for the app activity

 

  • Yes, they can be downloaded

Telemetry
Data

Does the app provide telemetry data related to usage
and performance?

Does the app or connector access, store
and transfer EUII (End user identifiable information)
  • Yes, through Atlassian Developer Console

 

 

  • No, only logs that identify errors in a specific function of the app

Classification
of data Accessed

Please provide

Confidential

Third-Party
API Permissions

Does the app require permissions to other external
APIs?

If yes, which delegated or
application-level permissions are requested?

N/A

Data
Loss Prevention

Any C3 \ C4 data transfer or removal?

Does the app support or integrate with your organization’s
Data Loss Prevention policies or tools?

How does the app prevent unauthorized data leakage?
  • Data is stored in your cloud site, Atlassian’s processes apply to the data.
  • Logs stored by Bulk Clone can be removed from Settings by the Admin of your cloud site.
  • The app runs on your cloud site and it falls under the sites policies
  • The cloud site is responsible for the main data.

Device
Access and Security

Does the app access or control any end-user devices or
endpoints?

Are there controls to restrict or monitor device
access?
  • No

 

 

 

  • No