Marketplace and custom app access rule coverage summary
概要
Cloud customers have the flexibility to control access to installed apps — such as Marketplace apps, custom apps, and other third-party apps — to certain user-generated content when using Atlassian app. User-generated content includes items such as Confluence pages, blog posts, attachments, the organization of the content tree, and metadata about that content such as a page’s version history and ownership. User-generated content for Jira includes items such as summary, description, labels, and comments within issues.
While we encourage the use of Marketplace apps, custom apps, and other third-party apps to add functionality to Atlassian apps, sometimes organizations that keep internal-only, sensitive, or confidential information in Atlassian apps want to limit installed app access to content in some projects or spaces while leaving them free to function in others.
Using Marketplace and custom app access rules, customers can customize and extend Jira and Confluence while maintaining control over Marketplace, custom and other third-party app access to certain content in specific projects or spaces.
A Marketplace and custom app access rule is applied along with, not instead of, the user’s permissions. Marketplace and custom app functions that are available only to admin users cannot be applied by users without those permissions, even when not blocked by a Marketplace and custom app access rule.
Adding a Marketplace and custom app access rule could have an impact on installed apps that previously used or relied on data in a space.
Installed apps that expect certain technical functionality like specific REST APIs and webhooks to always be available to them may no longer function properly, which can affect users' experience on your site.
Blocking an installed app's access to data by adding a Marketplace and custom app access rule could result in the installed app deleting the data as no longer required. This data may not be restorable if you unblock the installed app, depending on how a Marketplace app developer applies their retention policies. We recommend you check the privacy policy available from the Marketplace app’s listing page, or reach out to the partner if you have questions about the data retention policy.
Who can do this? |
このページの次のセクションでは、次のような項目に関する要約を説明します。
The types of installed apps that can have their access to your data blocked by a Marketplace and custom app access rule.
The Atlassian app-specific functionality that is blocked when a Marketplace and custom app access rule is in effect for that installed app and the space or project, and the app functionality that is still allowed when a Marketplace and custom app access rule is in effect.
Marketplace, custom and otherThird-party apps
Blocking access with a Marketplace and custom app access rule will block a selected installed app’s access to certain data for installed apps, updates to that installed app, and future re-installations of that installed app, with a limited number of exceptions.
Specifically, you can apply a Marketplace and custom app access rule to block access to data for any installed apps except in the following circumstances:
Installed apps built and supported by Atlassian that are pre-installed and required for proper Atlassian app functionality, such as Smart Links.
Third-party application links that are used to connect Confluence and Jira app instances.
Marketplace, custom and other third-party apps that use Atlassian API tokens to access data, certain Marketplace, custom and other third-party apps in the Atlassian DevOps ecosystem, and certain Marketplace, custom and other third-party apps that are moving to Atlassian’s next-generation development platform, Forge.
Whenever an admin has enabled public anonymous access to a space or project, anonymous users will be able to interact with certain blocked installed apps accessing data in that space or project.
A private app you are developing on Atlassian’s Forge platform, that you have installed in development or staging (a Marketplace and custom app rule can only be applied to private apps in production).
For a complete list of Marketplace, custom and other third-party apps that may not be able to be blocked, see What cannot be blocked by the Marketplace and custom app access rule.
Atlassian app-specific functionality
Each Atlassian app provides the ability to access and work with data specific to that app. For example, Jira provides functions related to issues, workflows, projects, and other Jira data objects. Confluence provides functions related to pages, blogs, whiteboards, spaces, and other Confluence objects.
See the following pages for a summary of Atlassian app-specific functionality that is blocked and not blocked when a Marketplace and custom app access rule applies.
Marketplace and custom app access rule coverage summary for Jira Cloud
Jira
Jira Service Management
Marketplace and custom app access rule coverage summary for Confluence Cloud
Confluence Cloud
関連リンク:
この内容はお役に立ちましたか?