The app access rule is currently only available through our Early Access Program (EAP).
By default, installed apps can access data in any of your Confluence spaces. You can manage apps' access to your organization’s data through a data security policy with the app access rule. Learn more about data security policies.
The app access rule has two configuration options:
Allow app access (default): Allows apps to access data in your organization.
Block app access: Blocks installed apps, app updates, and future app installs from accessing data.
Before applying an app access rule, consider informing the admins and users of any sites and Confluence spaces where you intend to apply the rule.
When preparing to use an app access rule, you should consider the following points:
If you block app access, it will not affect the data that an app had stored before the rule was implemented. This means that the app may still have data stored externally after blocking, and apps may display outdated data in Confluence spaces or sites where they are not blocked. The retention of app data is subject to the app developer's data retention policy.
Apps can still be installed on a site where apps are blocked, but they cannot access any data. When you block app access, the app remains installed.
App developers can add features at a site level, such as on your home page feed and settings page. If you block an app in a site’s Confluence spaces, the app’s site features will still be visible. If a site feature includes information about a Confluence space where apps are blocked, it may appear that the app can still access the Confluence space, but the app cannot access any data.
An admin can still update apps that are blocked, but they won’t be notified that an app is blocked in a Confluence space.
Blocking app access will block access to data for installed apps, app updates, and future app installs. It will not block:
System apps built and supported by Atlassian that exist in all of your products.
Application Links that are used to connect Confluence and Jira instances.
Apps that request or store Atlassian API tokens to access a REST API that does not currently support authentication from apps.
When the Block app access option is selected, users will no longer see apps in Confluence spaces where they are blocked and the apps will behave as though they have been uninstalled. Users will see errors informing them that the app cannot be loaded in macros, links to apps will no longer be accessible, and supporting app functions such as inline dialogues will no longer appear. When Allow app access is selected, apps will appear as normal and all app functions will be available.