Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Prevent anonymous access
An anonymous user is anyone who has not logged in to your product. Product administrators can choose to grant anonymous users permission to view or even create content. This is known as public access in Jira and Jira Service Management. About public access
The anonymous access rule allows you to prevent people who are not logged in from viewing pages and issues covered by a data security policy. What is a data security policy?
Who can do this? |
Add the anonymous access rule to your policy
If you haven’t created a data security policy yet, create one now. The anonymous access rule is available for policies that cover products (Confluence and Jira), spaces and projects (Confluence and Jira), or classification levels (Jira only).
To add the anonymous access rule to your policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Data security policies.
Select your policy from the list.
Select the Anonymous access rule.
Select Block anonymous access.
Save your changes.
People will not be able to view content covered by the policy without being logged in with the appropriate permissions.
What will my users experience?
When the anonymous access rule is set to Block anonymous access:
People must be logged in to see issues covered by this policy. They can’t view issues in filters, boards, search, or other places issues appear in Jira.
People must be logged in to see pages covered by this policy (except policies that cover Classification levels). They can’t view pages on the dashboard, search, macros or other places pages appear in Confluence.
If a user attempts to access a page or issue covered by this policy via a direct URL they’ll see a prompt to log in.
If a user attempts to access a page or issue covered by this policy via the REST API, the page or issue won’t be returned.
When the anonymous access rule is set to Allow anonymous access:
Permission schemes control whether people must be logged in to see issues covered by this policy.
Global and space permissions control whether people must be logged in to see pages covered by this policy
Was this helpful?
Still need help?
The Atlassian Community is here for you.