Security


The Administration Center provides functions to help you manage the usage status and security of your organizations and products. This section describes basic security-related operations. Even when a cloud service is robust against external attacks, simple misconfigurations by administrators can still cause security incidents. To reduce this risk, the dashboard lets you see at a glance whether secure permissions are set for all of your site's projects and spaces. You can also check the viewing permissions and accessible users of each project in one place and take action.

 

Target permissions

Various icons are displayed for the following settings.

Settings

  • Public: All users, including anonymous users who are not logged in

  • Open: All logged in users

  • Private: Limited users only

  • Warning: All logged in users

Jira System

Public Sharing

Problem

Users can share dashboards and filters with everyone, even those who are not logged in.

Condition

  • System > General Settings > Edit Settings > Public Sharing > [On]

Impact

  • You can set up your users to share their dashboards and filters with everyone, even those who are not logged in. Disabling this will not change the sharing of dashboards or filters that have already been shared.

 

Problem

None

Condition

  • System > General Settings > Edit Settings > Public Sharing > [Off]

Impact

None

 

Jira Project

Access Level

 

Problem

In Company-managed projects, all users, including users with access to your Jira site and anonymous users, can manage the project or search and view issues.

Condition

  • Company-managed projects

    • The project permission scheme grants “Administer Projects” or “Browse Projects” to the following:

      • Public

  • Team-managed projects

    • None

Impact

  • Company-managed projects

    • Administer Projects

      • Not only logged-in users but all users who are not logged in can view/edit the project key, project name, and leader of the target project.

      • Not only logged-in users but all users who are not logged in can view/edit the settings of the target project.

      • Not only logged-in users but also all users who are not logged in can edit the role and permission scheme of the target project, making information such as assignments viewable/editable by an unspecified number of users.

    • Browse Projects

      • Not only logged-in users but all users who are not logged in can view the project key, project name, and leader of the target project.

  • Team-managed projects

    • None

Problem

For Company-managed projects and team-managed projects, users who have access to the Jira site can manage this project, or search and view issues.

Condition

  • Company-managed projects

    • The project permission scheme grants “Administer Projects” or “Browse Projects” to the following:

      • All logged in users

  • Team-managed projects

    • Project access rights “Open” and “Limited” are granted.

Impact

  • Company-managed projects

    • Administer Projects

      • All logged in users can view/edit the project key, project name, and leader of the target project.

      • All logged in users can view/edit the settings of the target project.

      • All logged-in users can edit the role or permission scheme of the target project, making information such as assignments available for viewing/editing by an unspecified number of users.

    • Browse Projects

      • All logged in users can view the project key, project name, and leader of the target project.

  • Team-managed projects

    • Administer Projects

      • None

    • Browse Projects

      • All logged in users can view the project key, project name, and leader of the target project.

Problem

None

Condition

  • Company-managed projects

    • Other than Public and Open conditions

  • Team-managed projects

    • Other than Public and Open conditions

Impact

  • Company-managed projects

    • None

  • Team-managed projects

    • None

Problem

Due to a Jira bug (JRACLOUD-80945) in Company-managed projects, anyone with access to the Jira site can manage the project or search and view issues.

Condition

  • Company-managed projects

    • The project permission scheme grants “Administer Projects” or “Browse Projects” to any of the following:

      • Reporter

      • Current assignee

      • User custom field value

      • Group custom field value

  • Team-managed projects

    • None

Impact

  • Company-managed projects

    • Administer Projects

      • All logged in users can view/edit the project key, project name, and leader of the target project.

      • All logged in users can view/edit the settings of the target project.

      • All users who can log in can edit the role or permission scheme of the target project, making information such as assignments available for viewing/editing by an unspecified number of users.

    • Browse Projects

      • All logged in users can view the project key, project name, and leader of the target project.

  • Team-managed projects

    • None
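The access-level rules for company-managed projects described above can be expressed as a small audit function. This is an added example, not part of D-Accel or the original page. It assumes permission grants shaped like Jira Cloud's permission scheme JSON, that the holder type "anyone" is the Public grant, and that "applicationRole" with no parameter is the "all logged in users" grant; the severity ordering and the sample scheme are constructed for illustration.

```python
# Added example: classify a company-managed project's permission scheme into
# the Public / Open / Warning / Private levels described above.
# Assumptions: holder types follow Jira Cloud's permission scheme JSON, where
# "anyone" is the Public grant and "applicationRole" with no parameter is the
# "any logged in user" grant; the severity ordering is this example's choice.
AUDITED = ("ADMINISTER_PROJECTS", "BROWSE_PROJECTS")
BUG_HOLDERS = {"reporter", "assignee", "userCustomField", "groupCustomField"}
SEVERITY = {"Private": 0, "Warning": 1, "Open": 2, "Public": 3}


def classify_grant(grant):
    """Map one permission grant to an access level."""
    holder = grant.get("holder") or {}
    kind = holder.get("type")
    if kind == "anyone":
        return "Public"
    if kind == "applicationRole" and not holder.get("parameter"):
        return "Open"
    if kind in BUG_HOLDERS:  # holders affected by JRACLOUD-80945
        return "Warning"
    return "Private"


def audit_scheme(scheme):
    """Return {permission: level}; the most exposed grant wins."""
    levels = {perm: "Private" for perm in AUDITED}
    for grant in scheme.get("permissions", []):
        perm = grant.get("permission")
        if perm in levels:
            level = classify_grant(grant)
            if SEVERITY[level] > SEVERITY[levels[perm]]:
                levels[perm] = level
    return levels


def project_level(scheme):
    """Overall level shown for the project: the worst audited permission."""
    return max(audit_scheme(scheme).values(), key=SEVERITY.get)


# Constructed sample scheme (not real data).
SAMPLE_SCHEME = {"name": "Constructed scheme", "permissions": [
    {"permission": "ADMINISTER_PROJECTS",
     "holder": {"type": "projectRole", "parameter": "10002"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "applicationRole"}},
    {"permission": "BROWSE_PROJECTS", "holder": {"type": "reporter"}},
    {"permission": "CREATE_ISSUES", "holder": {"type": "anyone"}},
]}

if __name__ == "__main__":
    print(audit_scheme(SAMPLE_SCHEME), project_level(SAMPLE_SCHEME))
```

Grants on permissions other than “Administer Projects” and “Browse Projects” are ignored, matching the conditions listed above.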

Jira Dashboard

Access Level

Problem

This dashboard is visible to all users, including users with access to your Jira site and anonymous users.

Condition

  • Each dashboard setting > Viewer > "Public"

Impact

  • Not only logged in users, but all users who are not logged in can see the name, owner, viewers, and editors of the target dashboard.

Problem

Anyone with access to your Jira site can see this dashboard.

Condition

  • Each dashboard setting > Viewer > "My organization"

Impact

  • All logged in users can see the name, owner, viewers, and editors of the target dashboard.

Problem

None

Condition

  • Other than Public and Open conditions

Impact

None

 

Jira Filter

Access Level

Problem

This filter is visible to all users, including users with access to your Jira site and anonymous users.

Condition

  • Each filter setting > Viewer > "Public"

Impact

  • Not only logged in users, but all users who are not logged in can see the name, owner, viewer, and editor of the target filter.

Problem

All users with access to your Jira site can see this filter.

Condition

  • Each filter setting > Viewer > "My organization"

Impact

  • All logged in users can see the name, owner, viewer, and editor of the target filter.

Problem

None

Condition

  • Other than Public and Open conditions

Impact

None

 

Confluence Space

Access Level

Problem

This space is visible to everyone, including users with access to your Confluence site and anonymous users.

Condition

  • Each space settings > Space permissions > Anonymous access > Display > [On]

Impact

  • Not only logged in users, but all users who are not logged in can view the name, pages, comments, attachments, etc. of the target space.

Problem

Anyone with access to your Confluence site can view this space.

Condition

  • Each space settings > Space permissions > Users with internal licenses > Groups > View > Product access groups (excluding administrators)

Impact

  • All logged in users can see the name, pages, comments, attachments, etc. of the space.

Problem

None

Condition

  • Other than Public and Open conditions

Impact

None

 

Confluence System

Public Sharing

This is not supported by D-Accel. At this time, there are no plans to support it.

 

 

Check if anonymous access is allowed without login

The Security screen is available to Atlassian site administrators.

 

  1. Select “Security” on the home screen.

  2. You can check access levels for Jira systems, projects, dashboards, filters, and Confluence spaces. A “red lock” Public icon indicates that the settings allow access by anyone, including anonymous users who are not logged in; a “yellow eye” Open icon indicates that the settings allow access by all logged in users.

  3. If you see the "Public" icon on your Jira projects, dashboards, or filters, refer to "Allowing Anonymous Access to Projects" and "Prevent or remove public access", linked from the icon, to check whether anonymous access is set.



  4. If the Confluence space shows the "Public" icon, refer to "Share your site externally with anonymous access", linked from the icon, to check whether anonymous access is configured.

     

     


Copyright © Ricksoft Co., Ltd.