The three special groups in Confluence are:
- system-administrators (sys admin) – The user that sets up a Confluence instance will be the first sys admin; they can also appoint other sys admins by granting them the 'System Administrator' global permission. They can perform all Confluence administrative functions, including assigning permissions to other users.
- confluence-administrators – Can perform most of the Confluence administrative functions, like assign permissions to other users, but they can't perform any functions that could compromise the security of the Confluence system. They can also access the Confluence Admin console.
- confluence-users - this is the default group into which all new users are assigned. Permissions defined for this group will be assigned to all new Confluence users.
All users who don't log in when they access Confluence are know as 'anonymous' users. By default, anonymous users don't have access to view or change any content in your Confluence instance, but Confluence admins can assign permissions to this group if it's required.
Overlapping group and user permissions
When a user is assigned more than one permission, the more powerful permission will prevail.
- A user may be assigned a permission specifically to their username. They may also be assigned a permission by belonging to a group, or even several groups.
- The user will then be able to perform all functions assigned to them.
- So if a user is allowed to do something over and above what the group can do, the user will be able to do it. And if the group is allowed to do something over and above the specific permissions granted to the user, the user will still be able to do it.