• Documentation

What is a data security policy?

A data security policy helps you keep your organization’s data secure by letting you govern how users, apps, and people outside of your organization can interact with content such as Confluence pages and Jira issues.

Data security policies take a content-based approach to governing how your data in Atlassian products can be used. This is different to a user-based approach that relies on giving or revoking specific permissions that allow users or apps to perform certain actions.

What’s in a policy?

There are two main elements of a data security policy: the policy coverage and policy rules.

The policy coverage is the scope of products, spaces, projects, or classification levels that a policy applies to. A product, space, or project can be part of more than one policy.

Policy rules are security controls that are available to be configured as part of a policy. What data security policy rules are available?

Detail view of a data security policy.
  1. Policy name and description: Name of the policy and an optional description to help give context for the policy.

  2. Policy metadata and status: Information about the person who created and last updated the policy, and an indication of whether the policy is active or not.

  3. Policy coverage: The data that the policy applies to.

  4. Policy rule: A security control configured as part of a policy, and enforced for the data specified in the policy coverage.

Example

This is an example of two different policies set up by Acme Inc.

One combination of overlapping data security policies, where two products are simultaneously covered by two policies.

In this example, Policy 1 covers Acme’s products that contain personally identifiable information (PII) and has the security requirements to not allow users to download content, not allow apps access to data, and not allow anyone the ability to enable anonymous access to these products.

Policy 2 covers Acme’s products that contain information not approved for public distribution and has the security requirements to not allow users to download content and not allow anyone the ability to enable anonymous access to these products.

Two of Acme’s products are covered by both Policy 1 and Policy 2. Data security policies are additive, which means any product that is included in more than one policy is subject to all the policy rules specified by all the policies that cover that product.

Availability

Not all rules and coverage types are available for every product. Some rules and coverage types also require a particular plan.

Rules

Coverage type: Spaces and projects

Coverage type: Products

Coverage type: Classification levels

Anonymous access rule

Products: Jira, Confluence

Plan: Atlassian Guard Standard

Products: Jira, Confluence

Plan: Atlassian Guard Standard

Products: Jira

Plan: Atlassian Guard Premium

Data export rule

Products: Jira, Confluence

Plan: Atlassian Guard Standard

Products: Jira, Confluence

Plan: Atlassian Guard Standard

Products: Jira, Confluence

Plan: Atlassian Guard Premium

Public links rule

Products: Confluence

Plan: Atlassian Guard Standard

Products: Confluence

Plan: Atlassian Guard Standard

Products: Confluence

Plan: Atlassian Guard Premium

App access rule

Products: Confluence, Jira

Plan: No additional plan required, but Atlassian Guard Standard provides extra capabilities

Not available

Not available

What happens if I cancel my subscription?

Some data security policy rules and coverage types require an Atlassian Guard Standard subscription.

If you cancel your subscription your existing policies will still be enforced, but any rules or coverage that require Atlassian Guard Standard can’t be edited or changed until you restart your subscription. If you don’t plan to restart your subscription you can disable or delete the polices you no longer need.

If your policy blocks app access to data for selected apps, you’ll have the option to switch to block all apps, which does not require an Atlassian Guard Standard subscription.

Still need help?

The Atlassian Community is here for you.