Global Permissions Overview

Still need help?

The Atlassian Community is here for you.

Ask the community

Global Permissions determine what a user can do at a site level, including whether they can log in, create spaces, or administer the site. 

tip/resting Created with Sketch.

Unsure about the best way to set permissions in your site? Check out our Permissions best practices guide.

On this page:

Overview of global permissions

The following global permissions can be granted to groups and individuals. 

Global Permission

Description

Can Use

This is the most basic permission that allows users to log in to this Confluence site. Users with this permission contribute to your licensed users count.

Personal Space

Allows the user to create a personal space. The space key will be their username.

Create Space(s)

Allows the user to create new spaces in your site. When a user creates a space they are automatically granted admin permissions for that space.

Confluence Administrator

Allows the user to access the Confluence administration console, and perform basic administrative tasks such as adding users, changing group memberships, and changing the colour scheme of the site.

See the detailed comparison of administrator permissions below.

System Administrator

Allows the user to access the Confluence administration console and perform all administrative tasks.

See the detailed comparison of administrator permissions below.

Grant global permissions

To grant global permissions to a user or group:

  1. Go to Administration menu , then General Configuration. > Global Permissions

  2. Choose Edit Permissions
  3. Do one of the following:
    1. Enter a group name in the Grant browse permissions field in the Group section
    2. Enter a username in the Grant browse permissions field in the Individual Users section
  4. Choose Add.
  5. The user or group will appear in the list. Select the permissions you want to grant.
  6. Choose Save all

Screenshot: Editing global permissions


Revoke global permissions

To revoke the global permissions for a user or group:

  1. Go to Administration menu , then General Configuration. > Global Permissions

  2. Choose Edit Permissions
  3. Locate the user or group you want to edit, and deselect all checkboxes. 
  4. Choose Save all

If you are attempting to revoke permissions for an individual user, and they are not listed, you will need to check which groups they are a member of, and remove them from any groups that grant the global permission. 

System Administrator and Confluence Administrator permissions compared

The table below lists the parts of the admin console that can be accessed by people with the Confluence Administrator and System Administrator global permissions.  

Members of the confluence-administrators super group have System Administrator global permissions by default, as well as the ability to view all spaces and pages

Admin consoleConfluence administratorSystem administrator
Configuration
  • General Configuration, except:
    • Base URL
    • Connection timeout
  • Further configuration, except:
    • Remote API
  • Languages
  • Shortcut Links
  • Global Templates and Blueprints
  • Recommended Updates Email
  • Configure Code Macro, except
    • add new languages
  • WebDAV Configuration


  • General Configuration
  • Further configuration
  • Backup Administration
  • Languages
  • Shortcut Links
  • External Gadgets
  • Global Templates and Blueprints
  • Recommended Updates Email
  • Mail Servers
  • User Macros
  • In-app Notifications
  • Spam Prevention
  • PDF Export Language Support
  • Configure Code Macro
  • Office Connector
  • WebDAV Configuration
Marketplace
  • Find new apps
  • Manage apps,
    except:
    • Upload an app.
  • Find new apps
  • Manage apps
Users & security
  • Users
  • Groups
  • SSO 2.0
  • Security Configuration, except:
    • External user management
    • Append wildcards to user and group searches
    • Enable Custom Stylesheets for Spaces
    • Show system information on the 500 page
    • RSS settings
    • XSRF Protection
    • Attachment download security
  • Global Permissions
  • Space Permissions
  • Inspect Permissions (Data Center)
  • Users
  • Groups
  • SSO 2.0
  • Security Configuration
  • Global Permissions
  • Space Permissions
  • Inspect Permissions (Data Center)
  • User Directories
  • Whitelist
Look and feel
  • Themes
  • Color Scheme
  • Site Logo and Favicon
  • PDF Layout
  • PDF Stylesheet
  • Sidebar, header and footer
  • Default Space Logo

  • Themes
  • Color Scheme
  • Layouts
  • Stylesheet
  • Site Logo and Favicon
  • PDF Layout
  • PDF Stylesheet
  • Sidebar, header and footer
  • Default Space Logo
  • Custom HTML
Upgrade
  • Latest upgrade report
  • Latest upgrade report
  • Plan your upgrade
Administration
  • Macro Usage
  • Audit Log
  • Content Indexing
  • License Details
  • Application Links (OAuth only)
  • Application Navigator
  • Mobile apps
  • Collaborative Editing
  • Maintenance (Data Center)
  • System Information
  • Macro Usage
  • Audit Log
  • Rate limiting (Data Center)
  • Backup & Restore
  • Content Delivery Network (Data Center)
  • Content Indexing
  • Mail Queue
  • Scheduled Jobs
  • Cache Management
  • License Details
  • Logging and Profiling
  • Application Links
  • Application Navigator
  • Analytics
  • Troubleshooting and support tools
  • Clustering (Data Center)
Atlassian Cloud
  • Migration assistant
  • Migration assistant

Confluence-administrators super group

The Confluence administrator global permission and the confluence-administrators group are not related. Going by the names, you would think they are the same thing, but they're not. Granting a user or a group Confluence administrator global permission allows access to a sub-set of administrative functions. Granting membership to the confluence-administrators group grants the highest possible permissions, with complete access to all content and administration functions.

When you install Confluence you'll be prompted to create a system administrator account. This user will be a member of the confluence-administrators super group.

What can members of this group do? 

This group provides the highest level of permission in your site, and these permissions can't be edited. People in this group can: 

  • perform all administrative tasks
  • access all spaces
  • access all pages, including pages with view restrictions. 

Restricted pages and blog posts are not visible to members of the confluence-administrators group in the dashboard, blog roll, search and most macros, but are visible if the user has the page URL, or in the:

  • page tree in the sidebar
  • pages index page
  • reorder pages screen
  • page tree macro
  • content by user macro

Members of this group can't edit pages by default. They need to grant themselves space permissions, or add themselves to the page restrictions in order to edit. 

Should I use the confluence-administrators group? 

Some organisations use the confluence-administrators group extensively, while others choose to limit its membership to just one special admin account, to limit the number of people who can see all content by default.  System administrators can perform all the same administrative tasks, so membership of this group is not a requirement. 

If you do decide not to use this group, be aware that the group can't be deleted, and that people with System Administrator global permissions can add themselves to this group. 

Troubleshooting

Confluence will let you know if there is a problem with some permissions. In rare situations, you may see the following error messages below a permission:

  • 'User/Group not found' - This message may appear if your LDAP repository is unavailable, or if the user/group has been deleted after the permission was created.
  • If you're unable to log in to Confluence as an administrator (for example, you've lost the administrator password) you can start Confluence in recovery mode to recover your admin user rights. See Restore Passwords To Recover Admin User Rights

Last modified on Oct 17, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.