Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Prevent data export
Data classification is currently only available through the Atlassian Information Security Beta program. If you’re not part of the program, subscribe to our Cloud roadmap to be informed when this feature becomes generally available.
The data export rule allows you to block the export of data in the products or classification levels covered by a data security policy. What is a data security policy?
This is useful if you need to prevent people from exporting sensitive data to PDF, XML, CSV, and other available formats.
Who can do this? |
Add the data export rule to your policy
If you haven’t created a data security policy yet, create one now. The data export rule is available for policies that cover products (Confluence only), or classification levels (Confluence and Jira).
To add the data export rule to your policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Data security policies.
Select your policy from the list.
Select the Data export rule.
Select Block data export.
Save your changes.
People will not be able to export issues, pages, or blogs covered by the policy.
What will my users experience?
Depending on the product, the user will either not see an export option, or will see a message to indicate that exporting is blocked by their organization.
Blocked in Confluence
Export page to PDF and Word ( > Export)
Export blog to PDF ( > Export)
Export space to CSV, HTML, XML, and PDF (Space settings > Content tools > Export)
Blocked in Jira products
Export individual issue to Word and XML ( > Export)
Export multiple issues (filters, queries) to XML, RSS, Word, HTML, CSV, XLSX (Issues > Export issues)
If the user attempts to export content via a URL or API, the request will return a “can’t export” error.
Limitations
The data export rule doesn’t prevent apps from exporting content from Confluence or Jira products.
The data export rule doesn’t control (or block) browser-based export actions such as print, save, or actions performed by browser extensions.
If someone exports a Confluence space to CSV, and a data security policy blocks exports for a particular classification level, child pages of the page that has been classified will not be included in the export. This only applies to the CSV export. For XML, PDF, and Word, only the classified pages will be omitted.
Was this helpful?