Hi All,
We are looking at the App Access Rules feature introduced recently. We tested it and found that it works consistently with our Forge app for Confluence Cloud. However, its limits (data security policy limits: 15 spaces per policy, 50 policies per organization, see Create a data security policy | Atlassian Support) are so restrictive that they make it basically unusable except in the tinyest Confluence instances that have no more than a dozen spaces or two. We already have numerous customers who have hundreds of spaces, some even have thousands. For them, the limits of App Access Rules are far below usable. This raises quite a few questions.
- From Atlassian’s perspective, who are the intended audience and what are the intended use cases for App Access Rules? Is this a feature for app vendors or for admins primarily? Is it for small teams or larger ones?
- Is it intended for general use, or for dealing with edge cases and rare exceptions in terms of data restriction?
- How is an admin of a Confluence instance with 2000 spaces expected to use it (suppose they want to restrict an app from accessing 1000 out of 2000 spaces)?
- What are the problems it intends to solve in its current form? Because with the current limits, the possible scope of use cases also seems very limited.
- Are there any plans to substantially increase these limits in the near future? It’s important to keep in mind that these limits apply to data security policies in general, not just to policies specifically defined for apps! This makes them even more limited from an app vendor’s perspective.
App Access Rules is in many ways a promising new feature to rely on when designing certain app features, but as it is now, it’s more like a proof-of-concept than an enterprise-ready feature. We need to know if we can expect it to meaningfully support large Confluence instances in order to decide if we should build on top of it or not.
Regards,
Gabor