DTwo Policy Store
JIRA · ACCESS CONTROL

Wall off sensitive Jira projects from AI agents

Security, legal, and HR projects share the same Jira as your sprint board. Keep agents from reading or writing them, and redact whatever still comes back.

For: Teams running AI on Jira with confidential projects in the same instance

Your security, legal, and HR projects sit in the same Jira instance as everything else. Incident-response, legal-hold, and HR-investigation work lives next to the sprint board, and an agent with Jira access sees all of it. Ask it to "summarize open issues" and the active security incident is in scope too.

The control is project-scoped and covers both ways into an issue. deny-view-search-sensitive-projects blocks the read side: it denies the two paths a caller has to reach an issue — fetching it directly by key, and JQL search — matched by project key, so the content never reaches the model context. The write side is handled by deny-write-sensitive-projects, which stops an agent from creating, commenting on, or transitioning issues in those projects.

Whatever still comes back — including a summary the agent built from issue content it was allowed to read — runs through redact-sensitive-info, which masks secrets and PII before the response reaches the caller. The read and write policies each carry their own sensitive-project list, so set the same projects in both to keep the fences aligned. The atlassian bundle collects the curated set.

Policies in this guide