Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Cloud customers have the flexibility to control apps' access to certain user-generated content when using Atlassian products. User-generated content includes items such as Confluence pages, blog posts, attachments, the organization of the content tree, and metadata about that content such as a page’s version history and ownership. User-generated content for Jira includes items such as summary, description, labels, and comments within issues. While we encourage the use of apps to add functionality to our products, sometimes organizations that keep internal-only, sensitive, or confidential information in our products want to limit third-party app access to content in some projects or spaces while leaving the apps free to function in others.
Using app access rules, customers can customize and extend Jira and Confluence while maintaining control over app access to certain content in specific projects or spaces.
An app access rule is applied along with, not instead of, the user’s permissions. App functions that are available only to admin users cannot be used by users without those permissions, even when not blocked by an app access rule.
Adding an app access rule could have an impact on apps that previously used or relied on data in a space.
Apps that expect certain technical functionality like specific REST APIs and webhooks to always be available to them may no longer function properly, which can affect users' experience on your site.
Blocking an app's access to data by adding an app access rule could result in the app deleting the data as no longer required. This data may not be restorable if you unblock the app, depending on how an app developer applies their retention policies. It is recommended you check the Privacy policy available from the app’s listing page or reach out to the partner if you have questions about the apps data rentention policy.
The sections below provide a summary of:
The types of apps whose access to your data can be blocked by an app access rule.
The Atlassian product-specific functionality that is blocked when an app access rule is in effect for that app and the space or project, and the product functionality that is still allowed when an app access rule is in effect.
Blocking access with an app access rule will block the app’s access to certain data for installed apps, app updates, and future app installs, with a limited number of exceptions.
Specifically, you can apply an app access rule to block access to data for any installed app except:
apps built and supported by Atlassian that are pre-installed and required for proper product functionality, such as Smart Links
application links that are used to connect Confluence and Jira product instances
apps that use Atlassian API tokens to access data, certain apps in the Atlassian DevOps ecosystem, and certain apps that are moving to Atlassian’s next-generation development platform, Forge
whenever an admin has enabled public anonymous access to a space or project, anonymous users will be able to interact with certain blocked apps accessing data in that space or project
a private app you are developing on Atlassian’s Forge platform, that you have installed in development or staging (an app access rule can only be applied to apps in production)
For a complete list of apps that may not be able to be blocked, see Apps that cannot be blocked by app access rules.
Each Atlassian product provides applications with the ability to access and work with data specific to that product. For example, Jira provides functions related to issues, workflows, projects, and other Jira data objects. Confluence provides functions related to pages, blogs, whiteboards, spaces, and other Confluence objects.
See the following pages for a summary of product-specific functionality that is blocked and not blocked when an app access rule applies.
App access rule coverage summary for Jira Cloud
Jira
Jira Service Management
App access rule coverage summary for Confluence Cloud
Confluence Cloud
Related links:
Was this helpful?