Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
An anonymous user is anyone who has not logged in to your product. Product administrators can choose to grant anonymous users permission to view or even create content. This is known as public access in Jira and Jira Service Management. About public access
The anonymous access rule allows you to prevent people who are not logged in from viewing pages and issues covered by a data security policy. What is a data security policy?
Who can do this? |
If you haven’t created a data security policy yet, create one now. The anonymous access rule is available for policies that cover products (Confluence and Jira), spaces and projects (Confluence and Jira), or classification levels (Jira only).
To add the anonymous access rule to your policy:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Data security policies.
Select your policy from the list.
Select Add rule.
Select the rule you want to add. Only rules that are available for your coverage area will appear.
Follow the prompts to configure the rule then Save.
People will not be able to view content covered by the policy without being logged in with the appropriate permissions.
When the anonymous access rule is set to Block anonymous access:
People must be logged in to see issues covered by this policy. They can’t view issues in filters, boards, search, or other places issues appear in Jira.
People must be logged in to see pages covered by this policy (except policies that cover Classification levels). They can’t view pages on the dashboard, search, macros or other places pages appear in Confluence.
If a user attempts to access a page or issue covered by this policy via a direct URL they’ll see a prompt to log in.
If a user attempts to access a page or issue covered by this policy via the REST API, the page or issue won’t be returned.
When the anonymous access rule is set to Allow anonymous access:
Permission schemes control whether people must be logged in to see issues covered by this policy.
Global and space permissions control whether people must be logged in to see pages covered by this policy
Was this helpful?