This page contains an overview of how to use page restrictions in Confluence.
On this page:
Overview
Page restrictions allow you to control who can view or edit individual pages. You can set the page restrictions from the Page Restrictions Dialog, accessed under 'Tools', 'Restrictions'. You can also set restrictions when editing a page, in the Restrictions section near the bottom of the page.
When a page you are viewing has restrictions applied, a small padlock icon 
appears next to the page byline. Clicking the padlock will open the 'Page Restrictions' dialog box, where full details on the page restrictions are displayed.
You can also access the 'Page Restrictions' dialog box by clicking the 'Tools' menu at the top-right of a page and selecting the 'Restrictions' menu item.
For instructions on using the 'Page Restrictions' dialog box, refer to Setting a Page's Restrictions.
Screenshot: The Confluence Page Restrictions Dialog Box
The Confluence Permissions and Page Restrictions Hierarchy
Permissions and page restrictions in Confluence work within a hierarchical manner. For example, users who can access and modify global permissions (for instance, Confluence Administrators) can define which users can access and modify space level permissions (that is, space administrators). Space administrators can then define which users have access to create and modify pages. These users in turn can then apply viewing and editing restrictions to a page. By inheritance, these restrictions will also be applied to any child or descendant pages which are then added to that page.
See the diagram below for an illustration.
Diagram: Confluence Restrictions Hierarchy
|
Requirements for Setting Restrictions
In order to set or modify page restrictions, you need to have both:
- 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
- Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.
Page Security Rules
Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:
- Anonymous users are directed to the login page.
- Logged-in users are shown a permissions error page.
It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content.
Users will still be able to find the page if they know its URL. But they will not be able to view the content if they don't have the correct permissions.
Inherited Restrictions and Child Pages
If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.
'Edit' restrictions are not inherited from the parent page, only from the space.
Example of Child Page Restrictions
Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.
For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.
Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.
How to Open Part of a Space
 | If designing a large site implementation with this strategy, consult Page Restrictions Performance Considerations. |
Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:
- Add 'view' permission for both groups A and B in space permissions.
- Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
- Add a page restriction to allow Group A and B to see this page.
- Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.
You can repeat this with any page hierarchy.
| Administrators
|
| You cannot exclude yourself As creator or editor of a page, you cannot use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again. |
What would you like to do?
View a Page's Restrictions
Set a Page's Restrictions
View All Restricted Pages
Page Restrictions Performance Considerations
RELATED TOPICS
Take me back to the Confluence User's Guide.
Comments (30)
Sep 10, 2007
James Mortimer says:
How do I modify the page restriction 'notification' page that is returned so t...Sep 12, 2007
Choy Li Tham says:
Hi James, How do I modify the page restriction 'notification' page that is retu...Hi James,
If you would like to change the page that shows the "you cannot view this page" notification, then you may want to give a try to modify the pagenotpermitted.vm file which is located in the <confluence.home>/pages directory. Please ensure that you have made the appropriate backup of pagenotpermitted.vm file before proceeding with the modification.
Unfortunately, I'm not aware of any plugin or macro that would meet your requirement. To my understanding, a lits of restricted pages can only be seen by the space administrator.Perhaps you may want to search through our confluence extension to see if there are any available plugins which might meet your requirements.
Regards,
Choy Li
Sep 12, 2007
James Mortimer says:
Thanks. Already did but couldn't find anything appropriate there. Will use the p...Thanks. Already did but couldn't find anything appropriate there. Will use the pagenotpermitted.vm mod. Thanks.
Apr 01, 2008
Anonymous says:
The use of the .vm file to modify the "you cannot view this page" notification i...The use of the .vm file to modify the "you cannot view this page" notification is not flexible enough. Our enterprise Wiki has different teams/groups that restrict viewing of portions of their sites. If a parent page has been assigned viewing restriction, they should be able to provide a custom response for users who do not have viewing access to that page or any of its children. That response will direct the user where to go to aquire access. Their may be several different contacts/instructions within a space.
Apr 02, 2008
Mei Yan Chan says:
I would suggest you to raise a feature improvement detailing your requirement at...I would suggest you to raise a feature improvement detailing your requirement at:
Regards,
Mei
Oct 12, 2007
Paul Csapo says:
Just a quick check... why are 'Edit' restrictions not inherited when creating a ...Just a quick check... why are 'Edit' restrictions not inherited when creating a child page underneath an already restricted page? Is it because people can not edit a page that they can not view?
I'm thinking that ALL restrictions should be inherited by default IF the parent page (or a previous parent page) contained restrictions, and then just before the page is saved, an alert informs the creator that the child page has inherited the same viewing/editing restrictions as a precaution, and displaying them if possible.
Then, if the creator of that page needs to modify the restrictions, they can simply re-edit the page and modify the restrictions accordingly. This way, it should minimise the chance of anyone creating a child page in a protected area with more open permissions by mistake.
What do you think?
kind regards,
Paul
Nov 20, 2007
Anonymous says:
Now I have the same problem. I want to restrict the editing of a page and also t...Now I have the same problem. I want to restrict the editing of a page and also the children (nearly about 60) and the restrection is not inherit
.
Nov 21, 2007
Choy Li Tham says:
Hi, We are aware of such needs and there is an improvement request being tracke...Hi,
We are aware of such needs and there is an improvement request being tracked at the following:
If you are keen on this improvement, please do cast your vote to increase its popularity and add yourself as a watcher to the issue for future updates. Also, feel free to add comments to the improvement to reflect the importance of this request.
Regards,
Choy Li
Jan 29, 2008
Bruce harrell says:
Agreed..... YES> If a page is retricted for editing, there should be an ...Agreed..... YES> If a page is retricted for editing, there should be an option to restrict all the children as well...
Bruce
Nov 29, 2007
Thoralf Will says:
I have some trouble with the restrictions as well. Scenario: window.SyntaxHi...I have some trouble with the restrictions as well. Scenario:
Space1 - Page1 - Subpage1 - Page2 - Subpage2 Space2 - Page3 - Page4 - Subpage4 - Subpage5 ... - Page99Now I want someone to be able to access Subpage2, Page4 and it's children only - but not Page1, Page2, Page3, Page5-99. How do I do that?
From my understanding I have to set permissions for all pages manually to keep them from getting displayed, including every newly created page in both spaces.
Is there a way to do this better?
(I would like something like a "positive list", a way to add a user/group to a page so the person in question can access exactly this one page (and maybe its children))
Dec 04, 2007
Tony Cheah Tong Nyee says:
Hi Thoralf, I believe there is no easy way to achieve this. Indeed, the workaro...Hi Thoralf,
I believe there is no easy way to achieve this. Indeed, the workaround that you have suggested is one of the possible way.
Another tedious workaround that I can think of for this is to provide the following scenario:
Additionally, I have also found a feature request that might meet your requirement being tracked here:
Feel free to cast your vote to increase its popularity and add yourself as a watcher so that you will be notified if there are any updates. Also, please add comments to the feature request to truly reflect the importance of the feature to you.
Cheers,
Tony
Dec 11, 2007
Thoralf Will says:
Voted. Another workaround that might help: Adding an additional "default group"...Voted.
Another workaround that might help:
Adding an additional "default group" that every regular member is part of and auto-adding this group to the acl of every newly created page.
The question is: how to set acls for a page automatically when they are created? Is this even possible?
Dec 12, 2007
Tony Cheah Tong Nyee says:
Hi Thoralf, Unfortunately, I am not aware of the automation feature that you ha...Hi Thoralf,
Unfortunately, I am not aware of the automation feature that you have suggested. However, if you are keen on this feature, you may want to raise a new feature request for this in our Issue Tracking system to share your idea and the importance of having this feature.
Cheers,
Tony
Jan 24, 2008
Jakob Voss says:
Our own-hosted installation of Confluence is conneted to an LDAP server for mana...Our own-hosted installation of Confluence is conneted to an LDAP server for management of users and groups. With confluence 2.7.1 I thought you can now give permissions to pages for single users. But in this scenario it does not seem to work:
But PERSON-A still cannot view or edit the page! Is it wrong configuration, a bug, or a feature? We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?
Jan 29, 2008
Ming Giet Chong says:
Hi Jakob, This is the expected behavior where users/groups which are granted wi...Hi Jakob,
This is the expected behavior where users/groups which are granted with view/edit page restriction, they are the only users/groups which has the permission to view/edit the page.
I would suggest you to raise a feature request the our issue tracker https://jira.atlassian.com.
Regards,
MG
Jul 17, 2008
Anonymous says:
I don't believe that is what Jakob was saying - I have SPACE X that is open to ...I don't believe that is what Jakob was saying -
I have SPACE X that is open to all for viewing, but only GROUP-A can edit pages in the space.
I want to be able to invite PERSON-B, who is not in GROUP-A, to edit a page in SPACE X. So I got into the page, change the restrictions to GROUP-A AND PERSON-B, but PERSON-B still cannot edit the page.
The only way we can get them to have permissions to edit the page is to grant PERSON-B edit permissions to all of SPACE-X. Not exactly what we want to do.
Jul 18, 2008
Ming Giet Chong says:
Hi, This is indeed the behavior in Confluence. In order to grant/assign the Pag...Hi,
This is indeed the behavior in Confluence. In order to grant/assign the Page restrictions in the page, the user must has the space permission. For example in your above scenario, the PERSON-B must has the "space permission to create and edit pages" in order to set the page restriction to the page.
You can find more information from the detailed doc below:
Regards,
MG
Sep 19, 2008
Peter Jaffe says:
The "How to Open Part of a Space" scenario has the significant downside of not b...The "How to Open Part of a Space" scenario has the significant downside of not being able to restrict access to Mail, News, and other non-page related content. Maybe this is more of a comment on providing a space's general View permissions at a finer grain.
Sep 22, 2008
Azwandi Mohd Aris [Atlassian] says:
Hi Peter, Thanks for your opinion on this matter. You might want to vote or put...Hi Peter,
Thanks for your opinion on this matter. You might want to vote or put your comments on the following feature requests:
Hope that helps.
Cheers,
Azwandi
Feb 03, 2009
Anonymous says:
I have the problem, that i don't want that anybody can add pages Space1 - Page1...I have the problem, that i don't want that anybody can add pages
Space1 - Page1 (here I want, that only group A can add pages)
there must be an other way as create diffrent spaces, or?
Feb 04, 2009
Giles Gaskell [Atlassian Technical Writer] says:
Hello there, If I understand correctly, do you wish to confirm if Confluence ca...Hello there,
If I understand correctly, do you wish to confirm if Confluence can restrict the addition of pages 'within' an existing page, to specific users or groups?
If so, then unfortunately this feature is currently not available. However, this has already been raised as a JIRA issue in CONF-9374 and you can vote on it to increase its chances of being fixed in a future version.
Best regards,
Giles Gaskell
Technical Writer
ggaskell@atlassian.com
ATLASSIAN - http://www.atlassian.com
Jul 23, 2009
Jason Kabel says:
We also really need this feature, but I don't have access to the CONF-9374 ticke...We also really need this feature, but I don't have access to the CONF-9374 ticket you mention. Is this supposed to be public?
Jul 28, 2009
Azwandi Mohd Aris [Atlassian] says:
Hi Jason, Indeed, CONF-9374 is restricted from public due to security reasons. ...Hi Jason,
Indeed, CONF-9374 is restricted from public due to security reasons. However, I believe that Giles was trying to point to CONF-7089 instead, as it is more relevant to this requirement.
Hope that helps.
Cheers,
Azwandi
Mar 02, 2009
Anonymous says:
I am having pretty good luck with restricting page viewing and editing in my spa...I am having pretty good luck with restricting page viewing and editing in my space. My question is how can I prevent comments on a particular page. I know how to do this at the space-level, but not the page-level. Furthermore, I'd like to restrict people from adding child pages at the page level. Are these tasks possible or would I need to create a feature request? Thanks!
Mar 02, 2009
Azwandi Mohd Aris [Atlassian] says:
Hi, There seems to be a good ongoing discussion on this matters at the followin...Hi,
There seems to be a good ongoing discussion on this matters at the following feature requests:
Feel free to chip in, cast your vote and assign yourself as a watcher to be notified on future updates. Hope that helps!
Cheers,
Azwandi
Mar 02, 2009
Anonymous says:
Thanks very much! I will vote on and track these requests.Thanks very much! I will vote on and track these requests.
Sep 30
Pooja Gandhi says:
Inherited restrictions do not work very effectively. I am able to find the pages...Inherited restrictions do not work very effectively. I am able to find the pages when search and open too despite of the fact that the parent page has view restrictions for "Anonymous" Users.
I used Confluence 2.10; is it a bug in it?
Nov 11
Davide De Benedictis says:
Hi all, I see that meny people have sophisticate needs... but I should have a "...Hi all,
I see that meny people have sophisticate needs... but I should have a "simple" problem with restrictions (I have Confluence 3.0.1):
I have a user with a default personal space. I mean "default" because we did not change the default page and personal space permissions: confluence-users can view the all the personal pages but only the author and space owner can edit the pages.
Now this user creates a page inside his personal space and he wants that another user can edit only this new page.
He followed all the instructions in the docs and now the page reports:
Only Axxx can edit this page. (set by Axxx at 11 November, 2009 15:17)
Only Bxxx can edit this page. (set by Axxx at 11 November, 2009 14:50)
Obviously Axxx is the space owner.
Unfortunately user Bxxx still is not able to edit the page but he can see its name as a user with edit permission on it.
What is wrong?
Thank you in advance
Feb 03
Anonymous says:
Why are the 'Edit' restrictions not inherited by children pages? This would it e...Why are the 'Edit' restrictions not inherited by children pages? This would it easier to have different topics from different departments in 1 wikispace.
I know its possible on wikispace level, but i need to have different permissions for pages in one wikispace
Feb 04
Zed Yap [Atlassian] says:
Hi, I found a feature request in JIRA: http://jira.atlassian.com/browse/CONF...Hi,
I found a feature request in JIRA:
Please add your comments to the discussion, vote on it and add yourself as a watcher for future updates. Also, please bear in mind the following document on how we schedule features for inclusion in our products: Implementation of New Features and Improvements.
Hope that helps.
Best rgds,
Zed
Add Comment