Prevent anonymous access
An anonymous user is anyone who isn’t logged in to your Confluence instance or Jira product. This could be anyone on the internet, a member of your organization who isn't a licensed user, or someone who is a licensed user but they aren’t logged in.
This is sometimes known as public access in Confluence and Jira.
Understanding the anonymous access rule
The anonymous access rule allows you to prevent people who are not logged in from viewing pages and issues covered by a data security policy. What is a data security policy?
Who can do this? |
Add the anonymous access rule to your policy
If you haven’t created a data security policy yet, create one now. In Confluence and Jira, the anonymous access rule is available for policies that cover products, spaces and projects, or classification levels.
To add the anonymous access rule to your policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Data security policies.
Select your policy from the list.
Select Add rule.
Select the rule you want to add. Only rules that are available for your coverage area will appear.
Follow the prompts to configure the rule then Save.
People will not be able to view content covered by the policy without being logged in with the appropriate permissions.
What will my users experience?
When the anonymous access rule is set to Block anonymous access:
People must be logged in to see issues covered by this policy. They can’t view issues in filters, boards, search, or other places issues appear in Jira.
People must be logged in and be granted relevant permissions to see pages covered by this policy. They can’t view pages on the dashboard, search, macros or other places pages appear in Confluence. See Anonymous access in Confluence below for more information.
People will not be able to view the children of classified pages if the policy prevents viewing classified content.
If a user attempts to access a page or issue covered by this policy via a direct URL they’ll see a prompt to log in.
If a user attempts to access a page or issue covered by this policy via the REST API, the page or issue won’t be returned.
When the anonymous access rule is set to Allow anonymous access:
Permission schemes control whether people must be logged in to see issues covered by this policy.
Global and space permissions control whether people must be logged in to see pages covered by this policy.
Anonymous access in Confluence
Enabling anonymous access in Confluence allows individuals who aren't logged in to view content on your instance. This feature lets you share information with users who don't have licensed access, enabling them to view and collaborate on content without affecting your license count.
Some organizations disable anonymous access in global permissions but enable it for specific spaces. This approach provides a way to allow any licensed user to view those particular spaces. View the table below for more details.
Data security policy coverage type |
|
|---|---|
Product | A data security policy that blocks product anonymous, but anonymous access is enabled for individual spaces: the spaces remain accessible to licensed users that don’t have explicit permissions to view. |
Spaces
| A data security policy with container coverage and anonymous access is enabled at product level: the spaces are not accessible to logged in users that don’t have explicit permissions to view. |
Classifications | A data security policy with classifications coverage and anonymous access is enabled at space level: the classified spaces, classified pages, and children of classified pages are not accessible to logged in users that don’t have explicit permissions to view. |
Was this helpful?