• Products
  • Documentation
  • Resources

Create a data security policy

Use a data security policy to control how your organization’s data is shared with users and apps. What is a data security policy?

To set up a data security policy, you need to:

  1. Create a policy

  2. Choose what data to cover

  3. Configure the policy rules

  4. Activate the policy

Who can do this?
Role: Organization admin
Plan: Some rules and coverage types require Atlassian Guard Standard (classification level coverage only through Atlassian Guard Premium)

Any organization admin can create, activate, deactivate, or delete any data security policies in your organization.

1. Create a policy

To create a new data security policy:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Data security policies.

  3. Select Create policy and give the policy a name.

  4. Select Create.

You now have an empty policy. Next, you need to add policy coverage and rules.

2. Choose what data to cover

To choose what data to cover:

  1. From your policy, select Add coverage.

  2. Choose whether to cover entire Products, specific Spaces and projects, or Classification levels. This can’t be changed once saved.

  3. Select the data you want to cover, then select Next. You can change this selection at any time.

  4. Review the coverage then select Save.

You can only select data that you have permission to access. If you need to set up a policy on behalf of another team, you may need to temporarily grant yourself product access.


There are some limits to be aware of:

  • If the policy covers entire products, you can select a maximum of 30 different product instances.

  • If the policy covers spaces and projects, you can select items from a maximum of 15 different product instances. We limit you to 15 items (spaces or projects) from each product instance. If you need to cover more items than this, you can create another policy.

  • You can have a maximum of 50 policies in your organization.

3. Apply rules and activate the policy

Only rules that are available for the coverage you selected will appear in your policy. Rules are set to allow by default, and must be configured. Manage data security policy rules

To configure a policy rule:

  1. From your policy, select the policy rule you want to configure.

  2. Follow the prompts to configure the rule then select Save.

If a rule is configured to block an action, it will be indicated under the rule name. In the example below the Data Export rule is configured to block exports, and the Public links rule is not configured, which means public links are allowed.

Sample policy showing two rules. One is configured.

4. Activate the policy

Before activating a policy, we recommend you communicate the impact to your end users.

To activate the policy:

  1. From your policy, select Activate policy.

  2. It may take a few moments for rules to be enforced.


Still need help?

The Atlassian Community is here for you.