Page restrictions allow you to control who can view or edit individual pages. You set the page restrictions using the Page Restrictions dialog, either directly by choosing Tools > Restrictions, or when editing a page. For instructions on using the Page Restrictions dialog, refer to Setting a Page's Restrictions. When a page you are viewing has restrictions applied, a small padlock icon appears next to the page byline. Clicking the padlock will open the Page Restrictions dialog, where full details on the page restrictions are displayed. |
Screenshot: The Confluence Page Restrictions dialog
The Confluence Permissions and Page Restrictions Hierarchy
Permissions and page restrictions in Confluence work within a hierarchical manner. For example, users who can access and modify global permissions (for instance, Confluence Administrators) can define which users can access and modify space level permissions (that is, space administrators). Space administrators can then define which users have access to create and modify pages. These users in turn can then apply viewing and editing restrictions to a page. By inheritance, these restrictions will also be applied to any child or descendant pages which are then added to that page.
See the diagram below for an illustration.
Diagram: Confluence Restrictions Hierarchy
Gliffy Requirements for Setting Restrictions
In order to set or modify page restrictions, you need to have both:
- 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
- Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.
Page Security Rules
Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:
- Anonymous users are directed to the login page.
- Logged-in users are shown a permissions error page.
It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content.
Users will still be able to find the page if they know its URL. But they will not be able to view the content if they don't have the correct permissions.
Inherited Restrictions and Child Pages
If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.
'Edit' restrictions are not inherited from the parent page, only from the space.
Example of Child Page Restrictions
Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.
For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.
Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.
How to Open Part of a Space
 | If designing a large site implementation with this strategy, consult Page Restrictions Performance Considerations. |
Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:
- Add 'view' permission for both groups A and B in space permissions.
- Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
- Add a page restriction to allow Group A and B to see this page.
- Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.
You can repeat this with any page hierarchy.
 | Administrators
|
| You cannot exclude yourself As creator or editor of a page, you cannot use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again. |
Related Topics
View a Page's Restrictions
Set a Page's Restrictions
View All Restricted Pages
Page Restrictions Performance Considerations
Take me back to the Confluence User's Guide.
53 Comments
Hide/Show CommentsSep 10, 2007
James Mortimer
Sep 12, 2007
Choy Li Tham
Hi James,
If you would like to change the page that shows the "you cannot view this page" notification, then you may want to give a try to modify the
pagenotpermitted.vmfile which is located in the <confluence.home>/pages directory. Please ensure that you have made the appropriate backup ofpagenotpermitted.vmfile before proceeding with the modification.Unfortunately, I'm not aware of any plugin or macro that would meet your requirement. To my understanding, a lits of restricted pages can only be seen by the space administrator.Perhaps you may want to search through our confluence extension to see if there are any available plugins which might meet your requirements.
Regards,
Choy Li
Sep 12, 2007
James Mortimer
Thanks. Already did but couldn't find anything appropriate there. Will use the pagenotpermitted.vm mod. Thanks.
Nov 20, 2011
Anonymous
Apr 01, 2008
Anonymous
The use of the .vm file to modify the "you cannot view this page" notification is not flexible enough. Our enterprise Wiki has different teams/groups that restrict viewing of portions of their sites. If a parent page has been assigned viewing restriction, they should be able to provide a custom response for users who do not have viewing access to that page or any of its children. That response will direct the user where to go to aquire access. Their may be several different contacts/instructions within a space.
Apr 02, 2008
Mei Yan Chan
I would suggest you to raise a feature improvement detailing your requirement at:
Regards,
Mei
Aug 28, 2011
Anonymous
That's not just the best answer. It's the besetst answer!
Oct 12, 2007
Paul Csapo
Just a quick check... why are 'Edit' restrictions not inherited when creating a child page underneath an already restricted page? Is it because people can not edit a page that they can not view?
I'm thinking that ALL restrictions should be inherited by default IF the parent page (or a previous parent page) contained restrictions, and then just before the page is saved, an alert informs the creator that the child page has inherited the same viewing/editing restrictions as a precaution, and displaying them if possible.
Then, if the creator of that page needs to modify the restrictions, they can simply re-edit the page and modify the restrictions accordingly. This way, it should minimise the chance of anyone creating a child page in a protected area with more open permissions by mistake.
What do you think?
kind regards,
Paul
Nov 20, 2007
Anonymous
Now I have the same problem. I want to restrict the editing of a page and also the children (nearly about 60) and the restrection is not inherit
.
Nov 21, 2007
Choy Li Tham
Hi,
We are aware of such needs and there is an improvement request being tracked at the following:
If you are keen on this improvement, please do cast your vote to increase its popularity and add yourself as a watcher to the issue for future updates. Also, feel free to add comments to the improvement to reflect the importance of this request.
Regards,
Choy Li
Jan 29, 2008
Bruce harrell
Agreed..... YES> If a page is retricted for editing, there should be an option to restrict all the children as well...
Bruce
Dec 07, 2011
Anonymous
Same Problem here! Is there a solution already??
Nov 29, 2007
Thoralf Will
I have some trouble with the restrictions as well. Scenario:
Now I want someone to be able to access Subpage2, Page4 and it's children only - but not Page1, Page2, Page3, Page5-99. How do I do that?
From my understanding I have to set permissions for all pages manually to keep them from getting displayed, including every newly created page in both spaces.
Is there a way to do this better?
(I would like something like a "positive list", a way to add a user/group to a page so the person in question can access exactly this one page (and maybe its children))
Dec 04, 2007
Tony Cheah Tong Nyee
Hi Thoralf,
I believe there is no easy way to achieve this. Indeed, the workaround that you have suggested is one of the possible way.
Another tedious workaround that I can think of for this is to provide the following scenario:
Additionally, I have also found a feature request that might meet your requirement being tracked here:
Feel free to cast your vote to increase its popularity and add yourself as a watcher so that you will be notified if there are any updates. Also, please add comments to the feature request to truly reflect the importance of the feature to you.
Cheers,
Tony
Dec 11, 2007
Thoralf Will
Voted.
Another workaround that might help:
Adding an additional "default group" that every regular member is part of and auto-adding this group to the acl of every newly created page.
The question is: how to set acls for a page automatically when they are created? Is this even possible?
Dec 12, 2007
Tony Cheah Tong Nyee
Hi Thoralf,
Unfortunately, I am not aware of the automation feature that you have suggested. However, if you are keen on this feature, you may want to raise a new feature request for this in our Issue Tracking system to share your idea and the importance of having this feature.
Cheers,
Tony
Jan 24, 2008
Jakob Voss
Our own-hosted installation of Confluence is conneted to an LDAP server for management of users and groups. With confluence 2.7.1 I thought you can now give permissions to pages for single users. But in this scenario it does not seem to work:
But PERSON-A still cannot view or edit the page! Is it wrong configuration, a bug, or a feature? We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?
Jan 29, 2008
Ming Giet Chong
Hi Jakob,
This is the expected behavior where users/groups which are granted with view/edit page restriction, they are the only users/groups which has the permission to view/edit the page.
I would suggest you to raise a feature request the our issue tracker https://jira.atlassian.com.
Regards,
MG
Jul 17, 2008
Anonymous
I don't believe that is what Jakob was saying -
I have SPACE X that is open to all for viewing, but only GROUP-A can edit pages in the space.
I want to be able to invite PERSON-B, who is not in GROUP-A, to edit a page in SPACE X. So I got into the page, change the restrictions to GROUP-A AND PERSON-B, but PERSON-B still cannot edit the page.
The only way we can get them to have permissions to edit the page is to grant PERSON-B edit permissions to all of SPACE-X. Not exactly what we want to do.
Jul 18, 2008
Ming Giet Chong
Hi,
This is indeed the behavior in Confluence. In order to grant/assign the
Page restrictionsin the page, the user must has the space permission. For example in your above scenario, the PERSON-B must has the "space permission to create and edit pages" in order to set the page restriction to the page.You can find more information from the detailed doc below:
Regards,
MG
Aug 28, 2011
Anonymous
Hey, you're the goto expert. Thanks for haginng out here.
Sep 19, 2008
Peter Jaffe
The "How to Open Part of a Space" scenario has the significant downside of not being able to restrict access to Mail, News, and other non-page related content. Maybe this is more of a comment on providing a space's general View permissions at a finer grain.
Sep 22, 2008
Azwandi Mohd Aris [Atlassian]
Hi Peter,
Thanks for your opinion on this matter. You might want to vote or put your comments on the following feature requests:
Hope that helps.
Cheers,
Azwandi
Feb 03, 2009
Anonymous
I have the problem, that i don't want that anybody can add pages
Space1 - Page1 (here I want, that only group A can add pages)
there must be an other way as create diffrent spaces, or?
Feb 04, 2009
Giles Gaskell [Atlassian Technical Writer]
Hello there,
If I understand correctly, do you wish to confirm if Confluence can restrict the addition of pages 'within' an existing page, to specific users or groups?
If so, then unfortunately this feature is currently not available. However, this has already been raised as a JIRA issue in CONF-9374 and you can vote on it to increase its chances of being fixed in a future version.
Best regards,
Giles Gaskell
Technical Writer
ggaskell@atlassian.com
ATLASSIAN - http://www.atlassian.com
Jul 23, 2009
Jason Kabel
We also really need this feature, but I don't have access to the CONF-9374 ticket you mention. Is this supposed to be public?
Jul 28, 2009
Azwandi Mohd Aris [Atlassian]
Hi Jason,
Indeed, CONF-9374 is restricted from public due to security reasons. However, I believe that Giles was trying to point to CONF-7089 instead, as it is more relevant to this requirement.
Hope that helps.
Cheers,
Azwandi
Mar 02, 2009
Anonymous
I am having pretty good luck with restricting page viewing and editing in my space. My question is how can I prevent comments on a particular page. I know how to do this at the space-level, but not the page-level. Furthermore, I'd like to restrict people from adding child pages at the page level. Are these tasks possible or would I need to create a feature request? Thanks!
Mar 02, 2009
Azwandi Mohd Aris [Atlassian]
Hi,
There seems to be a good ongoing discussion on this matters at the following feature requests:
Feel free to chip in, cast your vote and assign yourself as a watcher to be notified on future updates. Hope that helps!
Cheers,
Azwandi
Mar 02, 2009
Anonymous
Thanks very much! I will vote on and track these requests.
Sep 30, 2009
Pooja Gandhi
Inherited restrictions do not work very effectively. I am able to find the pages when search and open too despite of the fact that the parent page has view restrictions for "Anonymous" Users.
I used Confluence 2.10; is it a bug in it?
Oct 18, 2010
Oeyvind Aamdal Eliassen
Hi all,
I am having the same problem.
I have view restrictions on a page called Entity Pages for the group some-group. Only users in this group can view Entity Pages. But all users can view the children of Entity Pages.
Is this a known bug in Confluence? I am using Confluence 3.2.1
Nov 11, 2009
Davide De Benedictis
Hi all,
I see that meny people have sophisticate needs... but I should have a "simple" problem with restrictions (I have Confluence 3.0.1):
I have a user with a default personal space. I mean "default" because we did not change the default page and personal space permissions: confluence-users can view the all the personal pages but only the author and space owner can edit the pages.
Now this user creates a page inside his personal space and he wants that another user can edit only this new page.
He followed all the instructions in the docs and now the page reports:
Only Axxx can edit this page. (set by Axxx at 11 November, 2009 15:17)
Only Bxxx can edit this page. (set by Axxx at 11 November, 2009 14:50)
Obviously Axxx is the space owner.
Unfortunately user Bxxx still is not able to edit the page but he can see its name as a user with edit permission on it.
What is wrong?
Thank you in advance
Feb 03, 2010
Anonymous
Why are the 'Edit' restrictions not inherited by children pages? This would it easier to have different topics from different departments in 1 wikispace.
I know its possible on wikispace level, but i need to have different permissions for pages in one wikispace
Feb 04, 2010
Zed Yap [Atlassian]
Hi,
I found a feature request in JIRA:
Please add your comments to the discussion, vote on it and add yourself as a watcher for future updates. Also, please bear in mind the following document on how we schedule features for inclusion in our products: Implementation of New Features and Improvements.
Hope that helps.
Best rgds,
Zed
Feb 10, 2010
Anonymous
I have a resctricted page with links to attachments. The link to the attachments are disabled to people that do not have viewing permissions but if they go to the "attachment" menu option of the page, they are able to see them and open them.
How can I protect attachments as well?
Sep 25, 2010
Anonymous
is there an answer to this ?????
Sep 30, 2010
Anonymous
I have a similar problem with page ristrictions. I can access the function, when editing a page, but when i try to Restrict viewing of this pageor Restrict editing of this page nothing happens. I have added both me, groups and users but with no result. Any ideas
Oct 05, 2010
Jay Sellers
Is there any way to apply security to portions of a page? In the older versions we could restrict certain things in a page to certain people/groups. I'm trying to do this with Confluence 3.3.1 and can't figure out how.
Example:
If I have a Business document and I want to have a section of the page that contains links to the technical specifications, I want that link only viewable by my developers, not SMEs or Sales.
Thx,
-Jay
Oct 12, 2010
heather
I like the non inheritance myself. I think this is important. My issue is that edit permissions are defaulting as restricted. I want it to default as editable by the groups with access to changing pages. I just changed my space permissions so that no one can restrict pages (assume this means editing). Older pages did not inherit this change. I can get to the screen where I can change permissions, but I can only do it for my pages (I am a system and space admin). i want to change a BATCH of pages with restrictions. How can I make a batch change?
Oct 20, 2010
Anonymous
Since the upgrade to 3.3.x our Confluence instance does not allow to change page restrictions using the Security Lock symbol or by tools/restrictions. the dialog lightbox does not pop up. We can remove restrictions by going into page edit mode and select restrictions:edit - but here we can only remove restrictions alreday set but not add new restrictions. We traced the HTTP communication between Firefox and the server and we will get an 404 for the URL, like this
GET 404 text/html http://confluence/pages/getpagepermissions.action?pageId=1998953&parentPageId=&parentPageTitle=
What's happen? We strongly need a solution.
Thanx for any help and suggestions.
Dennis
Oct 20, 2010
heather
I have the same issue. I am a system administrator and on some pages I can't remove restrictions at all unless I go at it through the admin panel. Firefox and Safari behave the same.
I think that I have not had a problem with most pages going forward, but old pages are funny. Check to see if this is true for you.
Oct 21, 2010
Anonymous
We cannot change page restrictions on any page using tools/restrictions. On old pages we can remove restrictions while going into edit mode and open the restriction dialog there. All kind of users have this problem. The problem occurs with Firefox and Internet Explorer.
We strongly need a solution cause some of our managers do not like to add data without having access control to it.
BTW Our Confluence requests server resources which also cannot be found, e. g. the picture /s/1925/200/8/_/images/icons/view_16.png :-( It should be the eye on the restrictions dialog pop up.
Nov 18, 2010
Anonymous
We solved the problem :)
We have customized layouts in our Wiki. We resetted to the default layouts from 3.3.3 and our changes to the new layout definitions and the page restrictions worked fine.
In future we will keep care of our layouts ;-)
Dennis
Jan 06, 2011
Anonymous
More specifically, you just need to add the following line to your page layout.
#parse("/decorators/includes/page-content-includes.vm")
Then it would work fine =)
Oct 20, 2010
heather
I am having an issue of some people's new pages automatically being given edit restrictions without them adding this restriction. There is no page restriction to any parents, and this is only some users. I there some setting in personal profiles to make edit restrictions a default? Any clues?
Apr 07, 2011
Anonymous
How can I change de language for the Page Restrictions Dialog Box ?
I try using one lenguage pack but no works =(
Aug 16, 2011
Eric O'Brien
I'm having a problem where a page says it has restrictions, i.e. it shows the padlock icon, but the admin console says there are no restricted pages in the space. On top of that I can't seem to remove these phantom restrictions, even though I'm a conf admin I get "Not Permitted" on this one page. Any ideas?
Sep 26, 2011
Edwin Dawson [Atlassian Technical Writer]
Please open a support request at support.atlassian,com in the Confluence project.
Oct 12, 2011
Anonymous
Hi!
Is it possible to set up a "page release restriction" where a page only gets released, if someone else from your team reviews it and then confirms tthe release? Its just to be sure that no confidential knowledge gets out. --> Two-man-rule
Thanks!
Oct 14, 2011
Edwin Dawson [Atlassian Technical Writer]
Hi there, I don't think this is natively supported.
If you would like to see this in Confluence, please raise a feature request in our issue tracker at https://jira.atlassian.com/browse/conf
Oct 21, 2011
Anonymous
Note of caution - I've been able to set up two areas that provide public and private permissions and this works fine. However if you use the include/import macro on the public page so that it include content from the private page so that content is available on both private and public pages for those with the correct permissions, if you then edit the public page, an email notification is sent to those watching the public page which includes both the public content and the imported / included content - regardless of permissions.
Dec 13, 2011
Anonymous
I want to restrict the error of 404 which is coming when users give somepagename.aspx in url after the main url of the project. Pls help me with the same. thanks in advance.
Add Comment