This documentation relates to the latest version of Confluence.
If you are using an earlier version, please go to the documentation home page and select the relevant version.

Page Restrictions

Added by Vidya Madabushi, last edited by Jeremy Largman on Aug 14, 2008  (view change)
All Versions
Click for all versions
Confluence 2.9 Documentation

Index

Page restrictions allow you to control who can view or edit individual pages. You can set the page restrictions when editing a page, using menus below the text-entry box.

In order to set or modify page restrictions, you need to have both:

  • 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
  • Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.

Page Security Rules

Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:

  • Anonymous users are directed to the login page.
  • Logged-in users are shown a permissions error page.

It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content. To keep the existence of a page or space secret, do not link to it from other sources.
Users will still be able to find the page if they know it's URL. But they will not be able to view the content if they don't have the correct permissions.

Inherited Restrictions and Child Pages

If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.

'Edit' restrictions are not inherited.

Example of Child Page Restrictions

Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.

For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.

Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.

How to Open Part of a Space

Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:

  1. Add 'view' permission for both groups A and B in space permissions.
  2. Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
  3. Add a page restriction to allow Group A and B to see this page.
  4. Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.

You can repeat this with any page hierarchy.

Administrators
  • Space administrators are responsible for the management of a space and its contents. They therefore have the ability to remove all restrictions from a page (as described in 'Viewing Restricted Pages'). This means that space administrators can view and edit all content in the space.
  • Users who are members of the 'confluence-administrators' group ('super-users') can view all pages regardless of the page restrictions. To be able to edit the page, you will need to remove the restriction from it first – go to 'Space Administration' > 'Restricted Pages'.
You cannot exclude yourself

As creator or editor of a page, you cannot use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again.

What would you like to do?

View a Page's Restrictions
Set a Page's Restrictions
View All Restricted Pages

RELATED TOPICS

Working with Pages

Take me back to Confluence User Guide

Labels:

permission permission Delete
page page Delete
Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.

Comments (17)

 

  1. Sep 10, 2007

    James Mortimer says:

    How do I modify the page restriction 'notification' page that is returned so tha...
    • How do I modify the page restriction 'notification' page that is returned so that I can indicate who the user should contact when they come accross a restricted page?
    • How do I display the list of page restrictions inline on a given page, to make it clear to users to whom the page is restricted?

    1. Sep 12, 2007

      Choy Li Tham says:

      Hi James, How do I modify the page restriction 'notification' page that is ret...

      Hi James,

      How do I modify the page restriction 'notification' page that is returned so that I can indicate who the user should contact when they come across a restricted page?

      If you would like to change the page that shows the "you cannot view this page" notification, then you may want to give a try to modify the pagenotpermitted.vm file which is located in the <confluence.home>/pages directory. Please ensure that you have made the appropriate backup of pagenotpermitted.vm file before proceeding with the modification.

      How do I display the list of page restrictions inline on a given page, to make it clear to users to whom the page is restricted?

      Unfortunately, I'm not aware of any plugin or macro that would meet your requirement. To my understanding, a lits of restricted pages can only be seen by the space administrator.Perhaps you may want to search through our confluence extension to see if there are any available plugins which might meet your requirements.

      Regards,
      Choy Li

      1. Sep 12, 2007

        James Mortimer says:

        Thanks. Already did but couldn't find anything appropriate there. Will use the p...

        Thanks. Already did but couldn't find anything appropriate there. Will use the pagenotpermitted.vm mod. Thanks.

      2. Apr 01

        Anonymous says:

        The use of the .vm file to modify the "you cannot view this page" notification i...

        The use of the .vm file to modify the "you cannot view this page" notification is not flexible enough.  Our enterprise Wiki has different teams/groups that restrict viewing of portions of their sites.  If a parent page has been assigned viewing restriction, they should be able to provide a custom response for users who do not have viewing access to that page or any of its children.  That response will direct the user where to go to aquire access.  Their may be several different contacts/instructions within a space.

        1. Apr 02

          Mei Yan Chan says:

          I would suggest you to raise a feature improvement detailing your requirement at...

          I would suggest you to raise a feature improvement detailing your requirement at:

          Regards,
          Mei

  2. Oct 12, 2007

    Paul Csapo says:

    Just a quick check... why are 'Edit' restrictions not inherited when creating a ...

    Just a quick check... why are 'Edit' restrictions not inherited when creating a child page underneath an already restricted page? Is it because people can not edit a page that they can not view?

    I'm thinking that ALL restrictions should be inherited by default IF the parent page (or a previous parent page) contained restrictions, and then just before the page is saved, an alert informs the creator that the child page has inherited the same viewing/editing restrictions as a precaution, and displaying them if possible.

    Then, if the creator of that page needs to modify the restrictions, they can simply re-edit the page and modify the restrictions accordingly. This way, it should minimise the chance of anyone creating a child page in a protected area with more open permissions by mistake.

    What do you think?

    kind regards,
    Paul

    1. Nov 20, 2007

      Anonymous says:

      Now I have the same problem. I want to restrict the editing of a page and also t...

      Now I have the same problem. I want to restrict the editing of a page and also the children (nearly about 60) and the restrection is not inherit .

      1. Nov 21, 2007

        Choy Li Tham says:

        Hi, We are aware of such needs and there is an improvement request being tracke...

        Hi,

        We are aware of such needs and there is an improvement request being tracked at the following:

        If you are keen on this improvement, please do cast your vote to increase its popularity and add yourself as a watcher to the issue for future updates. Also, feel free to add comments to the improvement to reflect the importance of this request.

        Regards,
        Choy Li

        1. Jan 29, 2008

          Bruce harrell says:

          Agreed..... YES> If&nbsp;a page is retricted for editing, there should be an opt...

          Agreed..... YES> If a page is retricted for editing, there should be an option to restrict all the children as well...

          Bruce

  3. Nov 29, 2007

    Thoralf Will says:

    I have some trouble with the restrictions as well. Scenario: Space1 Page1 Sub...

    I have some trouble with the restrictions as well. Scenario:

    Space1 - Page1 - Subpage1
       - Page2 - Subpage2

Space2 - Page3
       - Page4 - Subpage4
               - Subpage5
       ...
       - Page99

    Now I want someone to be able to access Subpage2, Page4 and it's children only - but not Page1, Page2, Page3, Page5-99. How do I do that?
    From my understanding I have to set permissions for all pages manually to keep them from getting displayed, including every newly created page in both spaces.

    Is there a way to do this better?

    (I would like something like a "positive list", a way to add a user/group to a page so the person in question can access exactly this one page (and maybe its children))

    1. Dec 04, 2007

      Tony Cheah Tong Nyee says:

      Hi Thoralf, I believe there is no easy way to achieve this. Indeed, the workaro...

      Hi Thoralf,

      I believe there is no easy way to achieve this. Indeed, the workaround that you have suggested is one of the possible way.

      Now I want someone to be able to access Subpage2, Page4 and it's children only

      Another tedious workaround that I can think of for this is to provide the following scenario:

      1. Having a space created
      2. The space should consist of two main parent pages
      3. The first parent page is restricted from the specific user/group to be viewed
      4. The second parent page does not restrict the user/group to view the content
      5. Summary: 
        Space
- Parent page 1 (With restriction)
   -- Subsequently, the children pages would also inherit the permissions automatically
- Parent page 2 (Without restriction to the user/group)
   -- Hence, the children pages are also viewable by the the user/group

      Additionally, I have also found a feature request that might meet your requirement being tracked here:

      Feel free to cast your vote to increase its popularity and add yourself as a watcher so that you will be notified if there are any updates. Also, please add comments to the feature request to truly reflect the importance of the feature to you.

      Cheers,
      Tony

      1. Dec 11, 2007

        Thoralf Will says:

        Voted. Another workaround that might help: Adding an additional "default group"...

        Voted.

        Another workaround that might help:
        Adding an additional "default group" that every regular member is part of and auto-adding this group to the acl of every newly created page.
        The question is: how to set acls for a page automatically when they are created? Is this even possible?

        1. Dec 12, 2007

          Tony Cheah Tong Nyee says:

          Hi Thoralf, Unfortunately, I am not aware of the automation feature that you ha...

          Hi Thoralf,

          Unfortunately, I am not aware of the automation feature that you have suggested. However, if you are keen on this feature, you may want to raise a new feature request for this in our Issue Tracking system to share your idea and the importance of having this feature.

          Cheers,
          Tony

  4. Jan 24, 2008

    Jakob Voss says:

    Our ownhosted installation of Confluence is conneted to an LDAP server for manag...

    Our own-hosted installation of Confluence is conneted to an LDAP server for management of users and groups. With confluence 2.7.1 I thought you can now give permissions to pages for single users. But in this scenario it does not seem to work:

    1. SPACE-X is restricted for viewing and editing to GROUP-Y
    2. PAGE-Z is in SPACE-X.
    3. PAGE-Z is edited and restricted for viewing and editing to GROUP-Y and another PERSON-A (who is not in GROUP-Y)

    But PERSON-A still cannot view or edit the page! Is it wrong configuration, a bug, or a feature? We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?

    1. Jan 29, 2008

      Ming Giet Chong says:

      Hi Jakob, This is the expected behavior where users/groups which are granted wi...

      Hi Jakob,

      This is the expected behavior where users/groups which are granted with view/edit page restriction, they are the only users/groups which has the permission to view/edit the page.

      We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?

      I would suggest you to raise a feature request the our issue tracker https://jira.atlassian.com.

      Regards,
      MG

      1. Jul 17

        Anonymous says:

        I don't believe that is what Jakob was saying \\ I have SPACE X that is open to ...

        I don't believe that is what Jakob was saying -

        I have SPACE X that is open to all for viewing, but only GROUP-A can edit pages in the space.

        I want to be able to invite PERSON-B, who is not in GROUP-A, to edit a page in SPACE X.  So I got into the page, change the restrictions to GROUP-A AND PERSON-B, but PERSON-B still cannot edit the page.

        The only way we can get them to have permissions to edit the page is to grant PERSON-B edit permissions to all of SPACE-X.  Not exactly what we want to do.

        1. Jul 18

          Ming Giet Chong says:

          Hi, This is indeed the behavior in Confluence. In order to grant/assign the {{P...

          Hi,

          This is indeed the behavior in Confluence. In order to grant/assign the Page restrictions in the page, the user must has the space permission. For example in your above scenario, the PERSON-B must has the "space permission to create and edit pages" in order to set the page restriction to the page.

          You can find more information from the detailed doc below:

          Regards,
          MG

Add Comment