App access rule coverage summary

Overview

Cloud customers have the flexibility to control apps' access to certain user-generated content when using Atlassian products. User-generated content includes items such as Confluence pages, blog posts, attachments, the organization of the content tree, and metadata about that content such as a page’s version history and ownership. User-generated content for Jira includes items such as summary, description, labels, and comments within issues. While we encourage the use of apps to add functionality to our products, sometimes organizations that keep internal-only, sensitive, or confidential information in our products want to limit third-party app access to content in some projects or spaces while leaving the apps free to function in others.

Using app access rules, customers can customize and extend Jira and Confluence while maintaining control over app access to certain content in specific projects or spaces.

An app access rule is applied along with, not instead of, the user’s permissions. App functions that are available only to admin users cannot be used by users without those permissions, even when not blocked by an app access rule.

The sections below provide a summary of:

• The types of apps whose access to your data can be blocked by an app access rule.

• The Atlassian product-specific functionality that is blocked when an app access rule is in effect for that app and the space or project, and the product functionality that is still allowed when an app access rule is in effect.

Apps

Blocking access with an app access rule will block the app’s access to certain data for installed apps, app updates, and future app installs, with a limited number of exceptions.

Specifically, you can apply an app access rule to block access to data for any installed app except:

• apps built and supported by Atlassian that are pre-installed and required for proper product functionality, such as Smart Links

• application links that are used to connect Confluence and Jira product instances

• apps that use Atlassian API tokens to access data, certain apps in the Atlassian DevOps ecosystem, and certain apps that are moving to Atlassian’s next-generation development platform, Forge

• whenever an admin has enabled public anonymous access to a space or project, anonymous users will be able to interact with certain blocked apps accessing data in that space or project

• a private app you are developing on Atlassian’s Forge platform, that you have installed in development or staging (an app access rule can only be applied to apps in production)

For a complete list of apps that may not be able to be blocked, see Apps that cannot be blocked by app access rules.

Product-specific functionality

Each Atlassian product provides applications with the ability to access and work with data specific to that product. For example, Jira provides functions related to issues, workflows, projects, and other Jira data objects. Confluence provides functions related to pages, blogs, whiteboards, spaces, and other Confluence objects.

See the following pages for a summary of product-specific functionality that is blocked and not blocked when an app access rule applies.

• App access rule coverage summary for Jira Cloud

  • Jira Software and Jira Work Management

  • Jira Service Management

• App access rule coverage summary for Confluence Cloud

  • Confluence Cloud

Related links:

• App Access for Confluence Cloud REST APIs

• App Access for Jira Cloud REST APIs