• Products
  • Documentation
  • Resources

Create a data security policy

Use a data security policy to control how your organization’s data is shared with users and apps. What is a data security policy?

To set up a data security policy, you need to:

  1. Create a policy

  2. Choose what data to cover

  3. Configure the policy rules

  4. Activate the policy

Who can do this?

  • Organization admins

1. Create a policy

To create a new data security policy:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Data security policies.

  3. Select Create policy and give the policy a name.

  4. Select Create.

You now have an empty policy. Next, you need to add policy coverage and rules.

2. Choose what data to cover

The option to cover specific spaces and projects is only available through our Early Access Program (EAP).

To choose what data to cover:

  1. From your policy, select Add coverage.

  2. (EAP only) Choose whether to cover entire Products or specific Spaces and projects. This can’t be changed once saved.

  3. Select the data you want to cover, then select Next. You can change this selection at any time.

  4. Review the coverage then select Save.

Limits

There are some limits to be aware of:

  • If the policy covers entire products, you can select a maximum of 30 different product instances.

  • If the policy covers spaces and projects, you can select items from a maximum of 15 different product instances. We limit you to 15 items (spaces or projects) from each product instance. If you need to cover more items than this, you can create another policy.

  • You can have a maximum of 50 policies in your organization.

3. Apply rules and activate the policy

Only rules that are available for the coverage you selected will appear in your policy. Rules are set to allow by default, and must be configured. Manage data security policy rules

To configure a policy rule:

  1. From your policy, select the policy rule you want to configure.

  2. Follow the prompts to configure the rule then select Save.

If a rule is configured to block an action, it be indicated under the rule name. In the example below the Data Export rule is configured to block exports, and the Public links rule is not configured, which means public links are allowed.

Sample policy showing two rules. One is configured.

4. Activate the policy

Before activating a policy, we recommend you communicate the impact to your end users.

To activate the policy:

  1. From your policy, select Activate policy.

  2. It may take a few moments for rules to be enforced on the selected spaces or products.

Additional Help