Data security policies allow you to govern how users, apps, and people outside your organization interact with content such as Confluence pages and Jira issues. You can create policies in the Atlassian Administration or via the API. It's important to note that not all rules are available for all policy coverage types.
This guide will help you create a policy and apply it to your organization.
Before using this guide, understand how data security policy APIs work
POST /v2/orgs/{orgId}/policies
This policy will include classification coverage to block page export and public links.
This endpoint is designed to create and activate a policy without setting a coverage initially. The addition of coverage will be addressed in subsequent steps. Please note that a specific policy can only be associated with one type of coverage; either CLASSIFICATION, CONTAINER or WORKSPACE.
Request
1 2# This will create and activate data security policy without any resources curl --request POST \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --{"data": { "type": "policy", "attributes": { "type": "data-security", "name": "test policy", "status": "enabled", "metadata": { "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" }, "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true } } } }
Response
The response to this call will include a policyId; save it for the subsequent steps.
1 2{ "data": { "type": "policy", "id": "358d916a-aed3-474a-9ae0-17def3bad866", "attributes": { "id": "358d916a-aed3-474a-9ae0-17def3bad866" "ownerId": "706c6425-3967-42b3-a070-53ffba3102b3" "type": "data-security", "name": "test policy", "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true }, "status": "enabled", "metadata": { "lastUpdatedBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094". "createdBy": "ari:cloud:identity::user/8044ac9ff568615bdc7ea094", "hasHadCoverage": true, "systemTag": null, "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" }, "createdAt": "2024-04-06T02:46:56.707Z", "updatedAt": "2024-04-06T02:46:56.707Z", "queryData": null }, "links": null, "relations": null, "message": null } }
POST /v2/orgs/{orgId}/policies/{[policyId}/resources
Show me how to create classification levels within an org
After you create a policy, add resources to it via /resources endpoint.
If you execute this call on a policy that is already active, the changes will take effect immediately. Anything marked with the classification level you choose will immediately follow the policy's rules.
This API can ADD or REMOVE one or more resources to/from policies. If you need to remove all associated resources, deleting the policy with the Delete data security policy API and starting again might be faster.
Request for adding workspace
1 2# Add workspaces as a resource to a policy curl --request POST \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies/{policyId}/resources>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' [ { "operation":"ADD", "resourceAri": "ari:cloud:confluence::confluence::site/4518289c-2159-48b9-a4f6-ae8f629aa2a2" }, { "operation":"ADD", "resourceAri": "ari:cloud:jira::confluence::site/1988289c-2159-48b9-a4f6-ae8f629aa2a2" } } ]
Response
1 2204 No content
Request for adding container
1 2# Add containers as a resource to a policy curl --request POST \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies/{policyId}/resources>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' [ { "operation":"ADD", "resourceAri": {"ari:cloud:jira::site/ee3c3183-3d6e-4077-8053-676d62c40929/project/10004"} }, { "operation":"ADD", "resourceAri": {"ari:cloud:jira::site/ee3c3183-3d6e-4077-8053-676d62c40929/project/10003"} }, } ]
Response
1 2204 No content
Request for adding classification
1 2# Add classification level as a resource to a policy curl --request POST \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies/{policyId}/resources>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' [ { "operation":"ADD", "resourceAri": {"ari:cloud:confluence::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc"} } ]
Response
1 2204 No content
GET /v2/orgs/{orgId}/policies/{policyId/resources
Before activating or deactivating the policy, ensure to review its configuration and fetch the details of the policy. It is crucial to modify the policy object only after retrieving its details.
The response should have transitioned to applied.
Request
1 2# Retrieve policy details curl --request GET \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json'
Response - workspace
1 2{ "data": [ { "type": "resource", "id": "d653c974-8d83-4ea9-b6b7-b49e18c69391", "attributes": { "parentResourceId": "ari:cloud:platform::org/c74e07d8-ddc2-4583-a8bc-5d5405a3907a", "resourceId": "ari:cloud:confluence::confluence::site/4518289c-2159-48b9-a4f6-ae8f629aa2a2", "applicationStatus": "applied", "createdAt": "2024-06-23T03:55:39.128Z", "updatedAt": "2024-06-23T03:55:38.900Z" } }, { "type": "resource", "id": "d653c974-8d83-4ea9-b6b7-b49e18c69391", "attributes": { "parentResourceId": "ari:cloud:platform::org/c74e07d8-ddc2-4583-a8bc-5d5405a3907a", "resourceId": "ari:cloud:jira::confluence::site/1988289c-2159-48b9-a4f6-ae8f629aa2a2", "applicationStatus": "applied", "createdAt": "2024-06-23T03:55:39.128Z", "updatedAt": "2024-06-23T03:55:38.900Z" } } ], "meta": { "page_size": 2, "next": null, "prev": null }, "links": { "self": "string", "prev": "loremipsum-prev", "next": "loremipsum-next" } }
Response - Container
1 2{ "data": [ { "type": "resource", "id": "d653c974-8d83-4ea9-b6b7-b49e18c69391", "attributes": { "parentResourceId": "ari:cloud:confluence::site/ee3c3183-3d6e-4077-8053-676d62c40929", "resourceId": "ari:cloud:confluence::site/ee3c3183-3d6e-4077-8053-676d62c40929/space/10005", "resourceName": "Test project", "resourceKey": "~62cf0218ec233f24684a01a1", "resourceStatus": "active", "resourceLogoUrls": { "default": "/images/logo/default-space-logo-256.png" } "links": null, "message": null } }, { "type": "resource", "id": "d653c974-8d83-4ea9-b6b7-b49e18c69391", "attributes": { "parentResourceId": "ari:cloud:jira::site/ee3c3183-3d6e-4077-8053-676d62c40929", "resourceId": "ari:cloud:jira::site/ee3c3183-3d6e-4077-8053-676d62c40929/project/10003", "resourceName": "Test project", "resourceKey": "~62cf0218ec233f24684a01a1", "self": "https://beacon-staging.jira-dev.com/admin/private/rest/api/2/project/10000", "projectType": "service_desk", "resourceStatus": "archived", "resourceLogoUrls": { "16x16": "https://beacon-staging.jira-dev.com/admin/private/rest/api/2/universal_avatar/view/type/project/avatar/10404?size=xsmall", "24x24": "https://beacon-staging.jira-dev.com/admin/private/rest/api/2/universal_avatar/view/type/project/avatar/10404?size=small", "32x32": "https://beacon-staging.jira-dev.com/admin/private/rest/api/2/universal_avatar/view/type/project/avatar/10404?size=medium", "48x48": "https://beacon-staging.jira-dev.com/admin/private/rest/api/2/universal_avatar/view/type/project/avatar/10404" }, "links": null, "message": null } } ], "meta": { "page_size": 2, "next": null, "prev": null }, "links": { "self": "string", "prev": "loremipsum-prev", "next": "loremipsum-next" } }
Response - Classification
1 2{ "data": [ { "type": "resource", "id": "d653c974-8d83-4ea9-b6b7-b49e18c69391", "attributes": { "parentResourceId": "ari:cloud:platform::org/c74e07d8-ddc2-4583-a8bc-5d5405a3907a", "resourceId": "aari:cloud:confluence::classification-tag/28a6d272-0d95-4a81-baea-a0660f490afc", "applicationStatus": "applied", "createdAt": "2024-06-23T03:55:39.128Z", "updatedAt": "2024-06-23T03:55:38.900Z" }, "links": null, "message": null } ], "meta": { "page_size": 2, "next": null, "prev": null }, "links": { "self": "string", "prev": "loremipsum-prev", "next": "loremipsum-next" } }
PUT /v2/orgs/{orgId}/policies/{policyId}
Before activating or deactivating the policy, ensure to review its configuration and fetch the details of the policy. It is crucial to modify the policy object only after retrieving its details.
Remove the auto-generated data listed below from the response:
lastUpdatedBy
, createdBy
, hasHadCoverage
, and systemTag
properties.id
property and remove all others.attributes
object, exclude the id
, ownerId
, createdAt
, updatedAt
, and queryData
.data
object, remove the id
, links
, relations
, and message
.Update status
property to enabled/disabled and resubmit a JSON object via PUT
call.
Request
1 2# Update policy state to "enabled" curl --request PUT \ --url '<https://api.atlassian.com/admin/control/v2/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --{"data": { "type": "policy", "attributes": { "type": "data-security", "name": "test policy", "rule": { "export": { "blockPageExport": true }, "publicLinks": { "block": true }, "status": "enabled", "metadata": { "policyCoverageLevel": "CLASSIFICATION", "description": "Some description" } } } }
DELETE /v2/orgs/{orgId}/policies/{policyId}
Request
1 2# Delete a policy curl --request DELETE \ --url '<https://api.atlassian.com/admin/control/v1/orgs/{orgId}/policies/{policyId}>' \ --header 'Authorization: Bearer <access_token>' \ --header 'Accept: application/json'
Rate this page: