Atlassian Cloud support data access request FAQ
Platform Notice: Cloud Only - This article only applies to Atlassian apps on the cloud platform.
Summary
This article tells you how to grant Atlassian Support access to data in your Cloud site, who is allowed to grant it, what Support can and cannot do once access is granted, and how to revoke it.
If you arrived here looking for a specific answer, jump to your situation:
My ticket asks me to grant data access; how do I do it? → Grant data access
I tried to grant access but the option is missing or disabled → Why can't I grant access?
I want to know what Support can see, and how I can monitor it → What Support can see and how to audit it
I have questions about Rovo, AI conversations, or Atlassian Guard → Rovo, AI, and Guard data access
I want to revoke access or know what happens at ticket close → Revoke data access
Platform notice: This article applies to Atlassian Cloud only. Data Center and Server have their own access procedures.
Solution
What is data access?
Data access allows the support team to access your Atlassian Cloud site and investigate the issue you reported.
Why was data access requested?
Granting permission to access your cloud instance will help the Atlassian Support team investigate and resolve your issues. By examining the reported problem directly and gathering logs, the team can expedite the ticket's resolution and address issues more efficiently.
Who can grant data access
The user who grants data access must hold a role with permission over the specific product the support ticket is about. Holding a role on a different product or at the wrong scope is the most common reason the Approve data access button is missing or disabled.
Centralized User Management
Role | Scope of grant |
|---|---|
Organization admin | Any product on any site in the organization |
Product admin | Only the product they administer (e.g. Jira admin cannot grant for Confluence) |
Billing admin (was: Billing contact) | Only products on sites where they are listed as billing |
Technical contact | Only products on sites where they are listed as technical contact |
User access admin | Any product on sites they administer |
Original User Management
Role | Scope of grant |
|---|---|
Organization admin | Any product on any site in the organization |
Site admin | Any product on the sites they administer |
Product admin | Only the product they administer |
Trusted user | Only the product they administer |
Billing contact | Only products where they are listed as billing |
Technical contact | Only products where they are listed as technical contact |
Not sure which experience your site uses? Open admin.atlassian.com. If you see a Directory tab at the top, you are on Centralized. If Users sits under the Product site instead, you are on Original.
If you are a Product admin and the button is missing, see "Why can't I grant access?" , most likely you are an admin for a different product than the one the ticket is about.
Grant data access
You can grant access in three places. All three send the same authorization to the engineer working your ticket.
Path 1 - At ticket creation (fastest)
On the support request form there is a checkbox: "I give Atlassian Support personnel permission to access data in my Atlassian Cloud instance to assist me with my request."
Tick the box, submit the ticket, no further action needed.
If you uncheck it, the engineer cannot start work until you grant access via Path 2 or Path 3.
Path 2 - From the support portal (works after the ticket is created)
Open the ticket at support.atlassian.com
In the right-hand sidebar, select Approve data access.
The engineer receives the grant within ~30 seconds.
Path 3 - From the admin console
If you have multiple open tickets needing access, or you administer the account on someone else's behalf:
Open admin.atlassian.com.
Select the affected site, then Settings → Support access.
Approve outstanding requests in bulk, or revoke earlier grants.
The Atlassian support engineer assigned to your support ticket may need to apply changes to permissions required to gain access to specific projects during the investigation.
Actions performed by Atlassian support are logged for auditing purposes.
Need to grant access for someone else's ticket? A user with a matching role can grant on the reporter's behalf via Path 2 or Path 3, even if they are not the ticket reporter.
Why can't I grant access?
If the Approve data access button is missing, disabled, or grants silently fail, work through this checklist in order:
Cause | How to confirm | Fix |
|---|---|---|
You are an admin on a different product than the ticket is about. | Open the ticket and check the Product field in the sidebar. Then check your role for that exact product in admin.atlassian.com | Ask another admin who manages the affected product to grant on your behalf, or have an Org admin elevate your role. |
You hold the right role on the wrong site. | The grant must be for the same site the affected product is on. | Confirm site URL in the ticket matches the site you administer. |
Your role is "Billing contact" or "Technical contact" but you are not listed for this specific product. | These two roles are product-scoped, not org-wide. | Add yourself as a contact for the affected product, or escalate to Org admin. |
The ticket was created against a deactivated site. | Sites pending deletion accept tickets but reject access grants. | Reactivate the site, or open a new ticket on an active site. |
A SCIM-managed user role is not synced. | If your role was set via SCIM and recently changed, the grant API may not see the new role. | Trigger a manual SCIM sync, then retry. |
Still stuck? Reply to your ticket with: "I cannot grant data access; which role do I need on this site/product?" The engineer can confirm the exact role required for the product the ticket is about.
What Support can see and how to monitor it?
When you grant data access, the engineer assigned to your ticket can:
Read any work item, comment, attachment, or page in the products covered by the grant.
View user, group, and permission configuration in the affected products.
View audit logs and admin settings necessary for the investigation.
Support cannot:
Read content from sites or products outside the scope of the grant.
Make changes to your site without your explicit consent (any update is requested in the ticket first).
Read content from products you have not licensed.
How to audit what Support has done
Every action a Support engineer takes is logged. To review:
Open admin.atlassian.com.
Select your organization, then Security → Audit log.
Filter by Actor =
username@atlassian.com(or by date range matching the ticket window).Each row shows the action, the affected resource, and the timestamp.
Atlassian Guard customers can also use the Audit log API to stream Support-actor events into a SIEM for ongoing monitoring.
How long does Support retain access?
Access is automatically revoked when the ticket reaches a Closed status. You can revoke earlier at any time; see "Revoke data access".
Rovo, AI conversations, and Atlassian Guard
What about my Rovo conversations?
Granting Support data access does not automatically grant access to your Rovo conversation history. Rovo chat history is held separately with its own access controls. If a Support engineer needs to see Rovo conversation history to investigate a Rovo-specific issue, they will request a separate, narrower grant in your ticket and tell you exactly which conversations they need to view.
For the full data-handling policy, see Rovo and Atlassian Intelligence customer data is not used for AI model training.
Does Support see what Rovo indexed from my products?
Support engineers see your products as Rovo sees them: the same data, the same permissions. Rovo does not give Support a separate view that bypasses permissions you have already set in Jira, Confluence, or other products.
Can I delete Rovo's stored data about my organization?
Yes. Submit a deletion request via the Rovo data, privacy, and usage guidelines. Deletion of Rovo conversation history is independent of any Support data access grant.
How does Atlassian Guard change the flow?
If your organization has Atlassian Guard enabled with Support access restrictions, all data-access grants must be additionally approved by a Guard admin (this is configured per-site). When restrictions are active:
The end user grants access via Path 1, 2, or 3 as usual.
The grant enters a pending Guard admin approval state.
The Guard admin receives an email and approves or denies in admin.atlassian.com → Security → Support access requests.
Only then does the Support engineer receive the grant.
Revoke data access
You can revoke access at any time during a ticket's lifecycle.
From the support portal
Open the ticket at support.atlassian.com/requests/
Select Revoke data access in the right-hand sidebar.
The engineer loses access immediately.
From the admin console
Open admin.atlassian.com → site → Settings → Support access.
Select the grant and choose Revoke.
Automatic revocation
Access is automatically revoked when the ticket reaches a Closed status. You do not need to revoke manually after a ticket is closed.
What happens to in-flight investigation?
Any session in progress ends immediately.
The engineer can re-request access via the ticket if needed.
Audit log entries up to the moment of revocation are preserved.
Is my data safe?
Your data is protected under the Atlassian Customer Agreement (specifically Section 16 - Confidentiality).
In addition:
Support engineers are bound by Atlassian's confidentiality and code of conduct policies.
Every Support action is logged (see "How to audit what Support has done").
Support cannot export your data outside Atlassian's data-processing boundaries.
Granular data residency commitments still apply; see Understand data residency.
Was this helpful?