All Collections
Getting started with Beacon
Add people to Beacon
Add people to Beacon

Grant your security team access without giving them the organization admin role.

Audrey Garcia avatar
Written by Audrey Garcia
Updated this week

Beacon will soon be part of Atlassian Guard. Read the blog

As an organization admin, you can add people who are not organization admins to Beacon by granting them the Product admin role.

The User role is not currently in operation and does not grant access to anything.

Grant the product admin role to a user

The process for granting access is the same as granting admin permissions for other products in your organization. How to give users admin permissions

To grant the product admin role:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Directory > Users.

  3. Select a user.

  4. Select Grant access and follow the prompts to grant the Product Admin role for Beacon.

This will add the user to the beacon-admins group.

User profile screen showing the Beacon product admin role granted.

Add a user to the Beacon admin group

You can also grant access by adding people to the beacon-admins group.

This method is useful if you need to add a lot of people or want to automatically add certain people when provisioning users from your identity provider. Understand the default groups and permissions for each product

User management groups screen showing the Beacon admin group.

The beacon-users group is not currently in operation, and we don’t recommend using custom groups with Beacon at this time.

What information will Beacon admins see?

In order to investigate an alert, we make certain data available so your team can act quickly. There are two places a Beacon admin can access data about the actor or subject:

  • in an alert

  • in the actor profile

We only surface information that is relevant to the investigation, such as:

  • Atlassian administration audit log events for that actor

  • Jira and Confluence product audit log events for that actor

  • User profile information including job title, product role, location.

  • User session information including IP address, login location, device operating system.

  • Certain activity data such as terms entered in the search field that match our list of suspicious search terms (they don’t see the full text of the actor’s search query)

  • Confluence space and page titles specifically related to the alert, regardless of whether the user has permission to see those spaces and pages. They won’t be able to see page or space content, just the title.

  • Jira project titles specifically related to the alert, regardless of whether the user has permission to see those projects. They won’t be able to see project content, just the title.

Granting the product admin role for Beacon does not grant the person access to Atlassian administration features at admin.atlassian.com, or the ability to administer other products, or view content they otherwise have no permissions to see.

What remediation actions can Beacon admins take?

The remediation actions that a Beacon admin can do will depend on their other product permissions.

For example, they can’t suspend an actor or perform any action that requires the organization admin or product admin role unless they hold that role.

Did this answer your question?