Security in Mass Delete
During the installation JIRA will create an artificial "user" representing the add-on in the system. The user is called "Mass Delete" and is visible in User Management like a regular user account (but it does not count toward the user limit). The add-on will use this account to communicate with JIRA.
To control what the add-on can do, adjust permissions of this artificial user. If your JIRA is configured in a way that does grant new users access to some issues or the ability to remove them, it will be necessary to configure the permissions before using Mass Delete for JIRA. Otherwise the add-on will be unable to operate, acting on fewer issues than expected or even reporting errors related to lack of project or issue visibility, or authorization to remove issues.
When used in JIRA Server, Mass Delete performs all operations as the user who is currently logged in. Issues will be removed using access rights of the user who created the deletion job.