Managing data access with Atlassian Data Lake connections

Each Atlassian Analytics instance can have up to 10 Atlassian Data Lake connections. Because of this, we recommend users create a general Atlassian Data Lake connection with all ‘internally public’ information that can be shared with all users, and to use additional Data Lake connections for any data requiring enhanced permissions.

Create an open Data Lake connection

To create a Data Lake connection, you must be an organization admin, or work with one of your organization admins. Create an open Atlassian Data Lake connection, by following the steps below:

  1. Navigate to the Data tab and select Add data source. Then select Atlassian Data Lake as the data source type.

  2. Select all Atlassian products that the team frequently uses. If you select any Jira or Confluence instances, customize the project and space selections to exclude any with sensitive information.

Screenshot 2023-03-28 at 1.59.21 PM.png

  1. Select the scope of data for this Atlassian Data Lake connection. If you excluded projects and spaces with sensitive information in the previous step, you can choose to include All data.

  2. Name the Atlassian Data Lake connection. For clarity, you should include a label like ‘unrestricted’ in the name to let users know that unrestricted data is included. For this example, we’ll name our connection ‘Banclyinc (unrestricted data)'.

  3. Grant users access to the data source. If you took the appropriate steps to ensure this connection excludes sensitive data, you can change the query restrictions so anyone with product access to an Enterprise plan and Atlassian Analytics can query this Atlassian Data Lake connection.

Screenshot 2023-03-28 at 2.50.20 PM.png

Create a Data Lake connection with restricted access

The Data Lake permissions do not respect the permissions set in other Atlassian products. For example, if a Data Lake connection included all Jira projects, this might allow people in your organization to access data that they usually may not have access to. Because of this, you should not include Atlassian products or projects with sensitive information in the ‘internally public’ Data Lake connection. Instead, you can create more Data Lake connections with the data requiring enhanced permissions. Then share those connections with only the users who already have access to the sensitive data within the products themselves.

To create a Data Lake connection, you must be an organization admin, or work with one of your organization admins. To create a Data Lake connection with more restricted access:

1. Navigate to the Data tab and select Add data source. Then select Atlassian Data Lake as the data source type.

2. Select the Atlassian products that hold sensitive information. If you select any Jira or Confluence instances, customize the project and space selections by only including the ones with sensitive information.

Team-based Data Lake connection.png

3. Next, select the scope of data for this Atlassian Data Lake connection. If you intend to give only very specific people access to the connection, and the users already have full access to the data in the source product, then you could include All data. If you’re still concerned about data security, you could include Limited data to prevent users from accessing content from any free-form text fields.

4. The next step of the process is to name the Atlassian Data Lake connection. For clarity, you should include a label like ‘restricted’ in the name to let users know the data in the connection is restricted. For this example, we’ll name our connection ‘Banclyinc (restricted data)’.

5. Finally, give only the people who routinely work in the selected projects or spaces access to the data source.

2 comments

Adam Nichols (DISH)
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 11, 2023

@Jessie Turpin Greetings! Do you know if it is on the roadmap for the Data Lake to inherit the permissions of other Atlassian products?  We have 75+ vendors that all operate within our system and the combination of groups and permissions we have created is rather complex, to have to replicate this through different data connections will be almost impossible to manage

Ben Jackson
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 11, 2023

@Adam Nichols (DISH) we've implemented the lake to follow an analytical permissions model rather than the product permission model as we support Multi-Product, Multi-Instance analytics and it would be near impossible to achieve if we layered in the product permissions.

That being said we are going to implement JQL as a data source this year and plan to work on that in the coming two quarters as part of bringing new reporting functionality to Jira. 

If you are wanting to be able to make reporting that your vendors could consume from within Jira that would be the place to do that. Let me know if that is what you're trying to do or something else?

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events