AIO Tableau Connector for Jira, uses OAuth protocol to access Jira rest API on behalf of the users. The add-on never asks for a user's Jira credentials. All the calls to the rest api are made using OAuth authentication and the data returned by Jira is governed by the access permissions of the user whose OAuth credentials were passed in the request.
Every user gets its own unique URL via AIO Tableau > My Connector URL menu. The data returned by this unique URL is restricted by the Jira permissions for the user to whom the URL belongs.
The token at the end of each URL is different for each user and maps to the OAuth credentials, which are passed to the JIRA rest API with each request to fetch the data.
The access to the Add-On can be controlled via AIO Tableau > AIO Admin > App Permissions section. This section is only accessible to a Jira administrator. Here the administrator can select the Jira groups for which the add-on should be available and accessible. Users in the groups, that are not selected on this screen, will not see the AIO Tableau menu item and will also not be able to access the page via direct URL.