Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Use a data security policy to control how your organization’s data is shared with users and apps. What is a data security policy?
To set up a data security policy, you need to:
Create a policy
Choose what data to cover
Configure the policy rules
Activate the policy
Who can do this? |
Any organization admin can create, activate, deactivate, or delete any data security policies in your organization.
To create a new data security policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Data security policies.
Select Create policy and give the policy a name.
Select Create.
You now have an empty policy. Next, you need to add policy coverage and rules.
To choose what data to cover:
From your policy, select Add coverage.
Choose whether to cover entire Products, specific Spaces and projects, or Classification levels. This can’t be changed once saved.
Select the data you want to cover, then select Next. You can change this selection at any time.
Review the coverage then select Save.
You can only select data that you have permission to access. If you need to set up a policy on behalf of another team, you may need to temporarily grant yourself product access.
There are some limits to be aware of:
If the policy covers entire products, you can select a maximum of 30 different product instances.
If the policy covers spaces and projects, you can select items from a maximum of 15 different product instances. We limit you to 15 items (spaces or projects) from each product instance. If you need to cover more items than this, you can create another policy.
You can have a maximum of 50 policies in your organization.
Only rules that are available for the coverage you selected will appear in your policy. Rules are set to allow by default, and must be configured. Manage data security policy rules
To configure a policy rule:
From your policy, select the policy rule you want to configure.
Follow the prompts to configure the rule then select Save.
If a rule is configured to block an action, it will be indicated under the rule name. In the example below the Data Export rule is configured to block exports, and the Public links rule is not configured, which means public links are allowed.
Before activating a policy, we recommend you communicate the impact to your end users.
To activate the policy:
From your policy, select Activate policy.
It may take a few moments for rules to be enforced.
Was this helpful?