It is a common case that a Confluence admin would like to partition access to their site, restricting various user groups to their corresponding spaces within Confluence. This is especially true if you have opened up your instance to external groups of users such as customers, partners, or public (anonymous) users. 

This how-to will explain the steps needed to both separate project access, while granting read-only access to particular groups working within a project. The example is written in context of granting access to various client groups.

First, a quick review of Confluence permissions: 

Confluence supports three levels of permissions:

• Global permissions control who has access to the site as a whole, as well which users have global administrator or system administrator permissions.
• Space permissions control who has access view a space's content, but also perform content-specific actions within that space. 
• Page restrictions control who has read or write access to an individual page. Any child pages underneath it inherit the set restrictions.

You can read a full overview of Confluence security here.

We'll assume here that a Confluence Administrator has already: 

1. Created the users in Confluence. 
2. Populated these users into client or team-specific groups (i.e. all users from 'Company A' are grouped into the 'Client A' group) 
3. Granted these groups Confluence access (via the Confluence 'Can Use' global permission). 

Give groups access to only specific spaces: 

1. For a given space's permissions, ensure that the relevant group has the 'View' permission enabled. See Assigning Space Permissions to Groups. 
   Note: The View space permission determines whether a user or group access to the space as a whole. Users who do not have 'View' permissions to the space will not see the space via the Confluence space directory, and will not be able to access pages in the space linked to from other locations. 
2. Optionally, enable 'Add' or 'Delete' comments permissions as well. Though users won't be able to edit or create page content itself, commenting can help encourage their active participation on pages. 
3. Add additional admin/internal groups to the space permissions to ensure that internal users can also view the project. 
4. Enable additional add/delete permissions (such as Add/Delete Pages) to these admin/internal groups to grant them page editing capabilities.