Block Marketplace and custom app access

By default, Marketplace and third-party apps can access data such as Confluence pages and Jira issues in the apps in which they’re installed. You can use the Marketplace and custom app access control that's part of your data security policy to help manage certain types of access to your organization’s data. What is a data security policy?

The functionality of the control depends on your subscription. All organization admins are able to use an override to block all eligible Marketplace and custom apps. The override blocks those apps from accessing user-generated content, such as Confluence pages and Jira work item data in their organization. Customers with Atlassian Guard Standard have more fine-grained control over which Marketplace and custom apps are blocked and when they’re blocked.

Not all Marketplace and custom apps are eligible for blocking with this control. What cannot be blocked by the Marketplace and custom app access control

The following table describes what options you have for eligible Marketplace and custom apps.

| What I want to do | Where I want to do it | The plan I need | How I can achieve it |
| --- | --- | --- | --- |
| Allow all | on all Atlassian apps (Least secure) | All plans | Nothing to do! This is the default. If you’ve added any overrides (described later on this page), delete them to allow all once more. |
| Block all | on selected Atlassian spaces | All plans | See ‘Block Marketplace and custom app access’ below |
| Allow some | on all Atlassian spaces | Guard Standard or Guard Premium | See ‘Allow some eligible Marketplace or custom apps on all Atlassian apps and spaces’ below |
| Allow some | on selected Atlassian spaces | Guard Standard or Guard Premium | See ‘Allow some eligible Marketplace or custom apps on selected spaces’ |

Block all eligible Marketplace and custom apps

Who can do this?
Role: Organization admin
Atlassian Cloud: Available with any plan
Atlassian Government Cloud: Available

You can use an override to block all eligible Marketplace and custom apps from your Atlassian apps. You can block up to 2,000 spaces from up to 2,500 apps.

Not all Marketplace and custom apps are eligible for blocking with this control. What cannot be blocked by the Marketplace and custom app access control

To block all eligible Marketplace and custom apps:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > Data protection > Data security policy.

  3. From the list of controls, select Marketplace and custom app access to display your existing control settings.

  4. If no draft exists, select Create draft in the top right corner, then select Add override.
    OR
    If a draft exists, select Edit in the top right corner, then select More actions, then Edit override.
    A list of your Atlassian apps will appear, along with their spaces. The spaces will update when you change Atlassian apps.

  5. Select the first Atlassian app on the left, then use the checkbox options to select the spaces that you wish to block from the Marketplace or custom app.

  6. For each Atlassian app, repeat the space selection process.

  7. Select Save overrides.

  8. When your draft control is completely configured, select Activate in the top right corner of your screen. This replaces your existing live control configuration, which you can’t get back.

After you do this, all eligible current and any eligible future Marketplace and custom apps installed on Atlassian apps covered by this control will be blocked from accessing data.

The Marketplace and custom app access control lets you manually select spaces from your Atlassian apps to block. If you add a new space to an Atlassian app, and you wish to block Marketplace and custom apps from that space, make sure you update the control to include the new space.

Allow some eligible Marketplace or custom apps on all Atlassian apps and spaces

Who can do this?
Role: Organization admin
Atlassian Cloud: Atlassian Guard Standard
Atlassian Government Cloud: Available

You can add a custom app control for each Marketplace or custom app. A custom app control allows a Marketplace or custom app to access all Atlassian apps and spaces.

You can combine this with other blocking options described on this page to allow the right level of access. These combined settings in the Custom app controls tab take precedence over your other control settings.

You can add as many installed Marketplace and custom apps to the list as you need. For each installed app, you can add up to 2,000 space overrides from 2,500 Atlassian apps (Confluence and Jira).

To allow some Marketplace or custom apps through a custom app control:

  1. Ensure you’re viewing the draft of the Marketplace and custom apps control (see the previous steps if you need help with this).

  2. Select the Custom app controls tab.

  3. Select Add app control to display your list of installed apps.

  4. From the list, select the app that you wish to allow.

  5. Select Add.

  6. Repeat these steps to add any additional apps that you wish to allow.

  7. When you’re ready, select Activate in the top right corner of your screen to activate your draft control. This replaces your existing live control configuration, which you can’t get back.

Allow some eligible Marketplace or custom apps on selected spaces

Who can do this?
Role: Organization admin
Atlassian Cloud: Atlassian Guard Standard
Atlassian Government Cloud: Available

You can limit an eligible installed app’s access to your selection of spaces. You can block up to 2,000 spaces from up to 2,500 Atlassian apps.

Before starting, make sure you’ve followed the steps on this page to add a custom app control for each Marketplace or custom app you wish to limit access to.

To add an override to a custom app control:

  1. Ensure you’re viewing the draft of the Marketplace and custom apps control (see the previous steps if you need help with this).

  2. Select the Custom app controls tab.

  3. From the list of Marketplace and custom apps, find the app that you’d like to block for specific Atlassian apps or spaces.

  4. Select More actions, then Edit access.
    A list of your Atlassian apps will appear, along with their spaces. The spaces will update when you change Atlassian apps.

  5. Select the first Atlassian app on the left, then use the checkbox options to select the spaces you wish to block the installed app from.

  6. For each Atlassian app, repeat the space selection process.

  7. Select Save overrides.

  8. Repeat these steps to add any additional apps that you wish to limit.

  9. When you’re ready, select Activate in the top right corner of your screen to activate your draft control. This replaces your existing live control configuration, which you can’t get back.

How the Marketplace and custom app control works

What data is blocked?

This control prevents Marketplace and custom apps from accessing certain user-generated content, such as Jira work items and Confluence pages. Marketplace and custom apps may still be able to access some types of user-generated content, such as space names. For more information about what data is covered by this control, see Marketplace and custom app access control coverage summary

What Marketplace and custom apps will be blocked?

Some Marketplace and custom apps cannot be blocked. For more information, see What cannot be blocked by the Marketplace and custom app access control

What will my users experience?

Blocking access through this control will block access to certain data for currently installed Marketplace and custom apps, any updates to them, and future Marketplace and custom app installations. Users can no longer see a blocked app or interact with it on pages or work items, and if the app provides experiences at the space level, the information it displays will be restricted by what it has access to (for example, Jira work item details). If that Marketplace or custom app has its own data storage, it may retain data in line with its data retention policy. If you reinstall it during the data retention period, that data may still be retrieved and displayed when a user interacts with the Marketplace or custom app.

Below are some general scenarios that apply to Marketplace apps, custom apps, third-party apps, and any other apps you add to your Atlassian apps. For more specific information, check the Other considerations section further down this page.

Scenario 1: You block a custom app with external storage

Imagine you block a custom app in two of your Confluence spaces. It had previously been installed, and saved data outside of the Atlassian cloud. People won’t see the custom app in either of those two spaces. The spaces will behave as if the custom app isn’t installed: they will display error messages when someone tries to load the custom app in a macro, links to the custom app won’t be accessible, and the space won’t support any of the custom app’s functions, such as displaying inline dialogues. The custom app can retain the data it’s stored until the end of its retention policy. Check the list in Other considerations on this page for the impact of blocking installed apps.

Scenario 2: You re-enable the custom app with external storage

Imagine you re-enable the same custom app that was previously blocked in two of your Confluence spaces. People will see the custom app in both of those two spaces, and before they start using it, you should check that it’s functioning as expected (see the list in Other considerations on this page for details). It can retrieve and display any data it stored previously if its retention policy allows it.

What happens to a Marketplace or custom app if it's uninstalled or the policy coverage changes?

When you uninstall a Marketplace or custom app, your control doesn’t change. This means that if you decide to reinstall it, or make more changes to a policy’s coverage, your original configuration for that Marketplace or custom app is restored.

In the example above, the policy says that three Marketplace or custom apps are blocked but only two Marketplace and custom apps appear on the blocklist. This indicates that there’s one additional installed app associated with the policy that will reappear if it is reinstalled or the policy coverage changes again.

If you need to make significant changes to your policy and don’t want the decision to block or allow a Marketplace or custom app to persist, we recommend you remove the app from the blocklist or allowlist before changing the policy coverage or uninstalling the app. Alternatively, you can create a new policy and delete the existing one.

Other considerations

Before configuring the Marketplace or custom app access control, consider informing the admins and users of any sites and spaces that will be impacted.

When preparing to use a Marketplace and custom app access control, you should consider the following points:

  • If you block Marketplace and custom app access, the block will not affect the data that an app had stored before the block was applied. This means that the Marketplace or custom app may still have data stored externally after blocking and it may display outdated data in sites or spaces where it is not blocked. The retention of Marketplace or custom app data is subject to its retention policy. We recommend you check the privacy policy available from the Marketplace app’s listing page or reach out to the partner if you have questions about the Marketplace or custom app's data retention policy.

  • Marketplace or custom apps can still be installed on a site where Marketplace or custom apps are blocked, but they cannot access certain data. When blocking Marketplace or custom app access, the Marketplace or custom app will remain installed.

  • Marketplace or custom app developers can add features at a Confluence site level, such as on your home page feed and settings page, or at a site level, such as permission schemes and other shared configuration. If you block a Marketplace or custom app in a site’s Confluence or Jira spaces, its site features will still be visible. If a site feature includes information about a space where Marketplace or custom apps are blocked, it may appear as if the Marketplace or custom app can still access that space, but it actually cannot access certain data and may display incorrect information.

    • For example, if a Marketplace or custom app saves information about issues in its own storage, it is possible for the Marketplace or custom app to display outdated information from its storage without current access to the actual issue data, depending on its data retention policy.

  • An admin can still update a Marketplace or custom app that’s blocked, but they won’t be notified that it’s blocked in a particular space. When managing Marketplace or custom apps for a site, an admin will see a BLOCKED lozenge displayed next to each app that is blocked in one or more spaces by the Marketplace or custom app access control. Review the data security policy settings to identify the specific spaces affected.

What about permissions to access data that the Marketplace or custom app requests as it’s being installed?

When you install a Marketplace or custom app, you receive a message as part of the installation flow about the Marketplace or custom app's actions. There may also be information on how the Marketplace or custom app manipulates your data, such as whether it reads, writes, or deletes data.

Marketplace or custom apps blocked by a Marketplace and custom app override lose all ability to read, write, or delete the user-generated content that is covered by the override, regardless of permissions. However, blocked Marketplace or custom apps will still have the ability to make certain changes (for example, read and make changes to user groups and permission schemes), if allowed by the permissions requested at installation. For more information, see What cannot be blocked by the Marketplace and custom app access control. Marketplace or custom apps that are allowed can perform any of the actions stipulated on installation, subject to user permissions.
