Data security policies allow you to govern how users, apps, and people outside your organization interact with content such as Confluence pages and Jira issues. You can create policies in the Atlassian Administration or via the API. It's important to note that not all rules are available for all policy coverage types.
This guide will help you create a policy and apply it to your organization.
Before using this guide, understand how data security policy APIs work
POST /v1/orgs/{orgId}/policies
This policy will include classification coverage to block page export and public links.
This endpoint is designed to create and activate a policy without setting a coverage initially. The addition of coverage will be addressed in subsequent steps. Please note that a specific policy can only be associated with one type of coverage; either CLASSIFICATION or WORKSPACE.
Request
1 2# This will create and activate data security policy without any resources curl --request POST \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --{"data": { "type": "policy", "attributes": { "type": "data-security", "name": "test policy", "status": "enabled", "metadata": { "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" }, "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true } } } }
Response
The response to this call will include a policyId; save it for the subsequent steps.
1 2{ "data": { "type": "policy", "id": "358d916a-aed3-474a-9ae0-17def3bad866", "attributes": { "id": "358d916a-aed3-474a-9ae0-17def3bad866" "ownerId": "706c6425-3967-42b3-a070-53ffba3102b3" "type": "data-security", "name": "test policy", "resources": [], "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true }, "status": "enabled", "metadata": { "lastUpdatedBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094". "createdBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094", "hasHadCoverage": true, "systemTag": null, "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" }, "createdAt": "2024-04-06T02:46:56.707Z", "updatedAt": "2024-04-06T02:46:56.707Z", "queryData": null }, "links": null, "relations": null, "message": null } }
POST /v1/orgs/{orgId}/policies/{[policyId}/resources
Show me how to create classification levels within an org
If you execute this call on a policy that is already active, the changes will take effect immediately. Anything marked with the classification level you choose will immediately follow the policy's rules.
After you create a policy, add resources to it via /resources endpoint. The resource endpoint accepts single resource to be added, so if you need to add multiple classification levels - you need to call it multiple times.
Request
1 2# Add classification level as a resource to a policy curl --request POST \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}/resources>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' { "id": "ari:cloud:platform::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc" } curl --request POST \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}/resources>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' { "id": "ari:cloud:platform::classification-tag/28e4d272-0d15-4a81-baea-a066344590de" }
Response
The response should show the resource status as scheduled with the corresponding id provided:
1 2{ "data": { "type": "policy", "id": "cb726087-dd56-45e5-8513-da61482bf4a2", "attributes": { "id": "cb726087-dd56-45e5-8513-da61482bf4a2", "ownerId": "fa63213e-aa29-4cfe-aca5-38c2d7ba2b2e", "type": "data-security", "name": "Test Policy", "resources": [ { "id": "ari:cloud:platform::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc", "applicationStatus": "scheduled", "type": "", "createdAt": "2024-05-02T16:59:54.455Z" }, { "id": "ari:cloud:platform::classification-tag/28e4d272-0d15-4a81-baea-a066344590de", "applicationStatus": "scheduled", "type": "", "createdAt": "2024-05-02T16:59:54.455Z" } ], "rule": {}, "status": "enabled", "metadata": { "lastUpdatedBy": "ari:cloud:identity::user/712020:eae782fc-1bb7-40b2-8bcf-700b404c7274", "createdBy": "ari:cloud:identity::user/712020:eae782fc-1bb7-40b2-8bcf-700b404c7274", "hasHadCoverage": true, "systemTag": null, "policyCoverageLevel": "CLASSIFICATION", "description": "" }, "createdAt": "2024-05-01T15:16:00.691Z", "updatedAt": "2024-05-01T15:16:29.877Z", "queryData": null }, "links": null, "relations": null, "message": null } }
GET /v1/orgs/{orgId}/policies/{policyId}
PUT /v1/orgs/{orgId}/policies/{policyId}
Before activating or deactivating the policy, ensure to review its configuration and fetch the details of the policy. It is crucial to modify the policy object only after retrieving its details.
Remove the auto-generated data listed below from the response:
lastUpdatedBy, createdBy, hasHadCoverage, and systemTag properties.id property and remove all others.attributes object, exclude the id, ownerId, createdAt, updatedAt, and queryData.data object, remove the id, links, relations, and message.Update status property to enabled/disabled and resubmit a JSON object via PUT call.
1 2# Retrieve policy details curl --request GET \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' RESPONSE: { "data": { "type": "policy", "id": "358d916a-aed3-474a-9ae0-17def3bad866", "attributes": { "id": "358d916a-aed3-474a-9ae0-17def3bad866" "ownerId": "706c6425-3967-42b3-a070-53ffba3102b3" "type": "data-security", "name": "test policy", "resources": [ { "id": "ari:cloud:platform::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc", "applicationStatus": "applying", "type": "", "createdAt": "2024-04-06T02:46:56.707Z", "updatdAt": "2024-04-06T02:46:56.707Z" } ], "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true }, "status": "disabled", "metadata": { "lastUpdatedBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094". "createdBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094", "hasHadCoverage": true, "systemTag": null, "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" }, "createdAt": "2024-04-06T02:46:56.707Z", "updatedAt": "2024-04-06T02:46:56.707Z", "queryData": null }, "links": null, "relations": null, "message": null } } # Update policy state to "enabled" curl --request PUT \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --{"data": { "type": "policy", "attributes": { "type": "data-security", "name": "test policy", "resources": [ { "id": "ari:cloud:platform::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc", } ], "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true }, "status": "enabled", "metadata": { "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" } } } }
DELETE /v1/orgs/{orgId}/policies/{policyId}
Request
1 2# Delete a policy curl --request DELETE \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json'
Rate this page: