Page restrictions allow you to control who can view or edit individual pages. You can set the page restrictions when editing a page, using menus below the text-entry box.
When a page you are viewing has restrictions applied, a small padlock icon appears next to the page byline. Clicking the padlock will take you to the 'Information View', where full details on the page restrictions are displayed.
In order to set or modify page restrictions, you need to have both:
- 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
- Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.
Page Security Rules
Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:
- Anonymous users are directed to the login page.
- Logged-in users are shown a permissions error page.
It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content. To keep the existence of a page or space secret, do not link to it from other sources.
Users will still be able to find the page if they know it's URL. But they will not be able to view the content if they don't have the correct permissions.
Inherited Restrictions and Child Pages
If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.
'Edit' restrictions are not inherited from the parent page, only from the space.
Example of Child Page Restrictions
Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.
For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.
Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.
How to Open Part of a Space
Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:
- Add 'view' permission for both groups A and B in space permissions.
- Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
- Add a page restriction to allow Group A and B to see this page.
- Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.
You can repeat this with any page hierarchy.
What would you like to do?
Take me back to Confluence User Guide