Documentation for Confluence 5.8 (Server).
Documentation for Confluence Cloud and earlier versions of Confluence is available too.


Page restrictions allow you to control who can view and/or edit individual pages in a space. So, if you're working on a page that shouldn't be viewed by just anybody, it's easy to lock it down to the people who need to know. You can add restrictions for individuals or for Confluence groups.

To add or remove page restrictions, you'll need to have permissions to edit the page and 'Restrict' or 'Admin' permission in the space.

Restrict a page

To restrict who can view or edit a page:

  1. Go to the page and choose  > Restrictions
  2. Choose Restrict viewing of this page or Restrict editing of this page
  3. Enter part of user or group name and choose the appropriate user or group from the autocomplete drop down

Add as many users and/or groups as you need to.

To add restrictions when you're creating or editing a page, choose the restrictions icon at the top of the page.

 

Once you add restrictions, only those people and groups listed in the restrictions dialog will be allowed to view or edit the page.

You don't need to add someone as an editor and viewer in the restrictions dialog. We'll check if the person is allowed to edit, and if they are, we'll let them see the page.

How restrictions are inherited

View restrictions are inherited, which means a restriction applied to one page will cascade down to any child pages.  Edit restrictions are not inherited, which means pages need to be restricted individually.

Here are the basics:

  • If you restrict viewing to a person or group, only they will be able to see that page and all its child pages (unless there are further restrictions on the child pages).
  • If you restrict editing to a person or group, they'll be able to see and edit that page, plus see its child pages.
  • Parent pages (higher up in the page hierarchy) can have their own view restrictions that may prevent people from viewing your page.

If the person you've listed as a viewer or editor can't see the page, check to make sure:

  • they have View space permission for that space, or
  • there's no view restriction on a page higher up the page hierarchy that prevents them seeing any children of that page.
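The inheritance rules and the troubleshooting checks above, as an added example: a simplified Python model written for this page, not Atlassian's code. The class and function names and the sample pages and users are constructed; the space-level edit permission check is an assumption taken from a staff reply in the comments further down.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Page:
    title: str
    parent: Optional["Page"] = None
    view: set = field(default_factory=set)  # names listed under "Restrict viewing"
    edit: set = field(default_factory=set)  # names listed under "Restrict editing"

    def chain(self):
        """Yield this page, then each ancestor up to the top of the hierarchy."""
        node = self
        while node is not None:
            yield node
            node = node.parent


@dataclass
class User:
    name: str
    groups: frozenset = frozenset()

    @property
    def principals(self):
        # A restriction can name the user directly or any group they belong to.
        return {self.name} | set(self.groups)


@dataclass
class Space:
    viewers: set  # users/groups with View space permission
    editors: set  # users/groups allowed to edit pages in the space (assumption)


def view_decision(space, page, user):
    """Return (allowed, reason), following the troubleshooting checklist."""
    who = user.principals
    if not who & space.viewers:
        return False, "no View space permission"
    # View restrictions cascade: the page and every ancestor must admit the user.
    # Someone named as an editor at a level is also treated as a viewer there.
    for node in page.chain():
        if node.view and not who & (node.view | node.edit):
            return False, f"view restriction on '{node.title}'"
    return True, "allowed"


def can_edit(space, page, user):
    """Edit restrictions are NOT inherited: only the page's own list is checked."""
    who = user.principals
    if not view_decision(space, page, user)[0]:
        return False
    if not who & space.editors:
        return False
    return not page.edit or bool(who & page.edit)


def children_without_edit_restriction(pages):
    """Audit helper: descendants of an edit-restricted page that carry no
    edit restriction of their own, so they stay editable by the whole space."""
    flagged = []
    for p in pages:
        ancestors = list(p.chain())[1:]
        if any(a.edit for a in ancestors) and not p.edit:
            flagged.append(p.title)
    return flagged


# Constructed sample space: the 'staff' group can view and edit pages.
SPACE = Space(viewers={"staff"}, editors={"staff"})
runbooks = Page("Runbooks", view={"ops", "carol"})
failover = Page("DB failover", parent=runbooks)
policies = Page("Policies", edit={"alice"})
draft = Page("Policy draft", parent=policies)
PAGES = [runbooks, failover, policies, draft]

alice = User("alice", frozenset({"staff", "ops"}))
bob = User("bob", frozenset({"staff"}))
carol = User("carol")  # named on 'Runbooks' but has no space permission

if __name__ == "__main__":
    for user in (alice, bob, carol):
        for page in PAGES:
            ok, why = view_decision(SPACE, page, user)
            print(f"{user.name:6} {page.title:13} view={ok} ({why}) "
                  f"edit={can_edit(SPACE, page, user)}")
    print("Unprotected children:", children_without_edit_restriction(PAGES))
```

In the sample data, bob is blocked from 'DB failover' by the restriction on its parent, carol is blocked at the space level even though she is named on the page, and 'Policy draft' remains editable by bob because the edit restriction on 'Policies' does not cascade.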

View current page restrictions

Confluence displays a padlock icon in the byline when a page has view or edit restrictions.

To view the page's restrictions, go to the page and do any of the following:

    • choose  > Restrictions
    • choose the padlock icon in the byline
    • choose the Restricted icon  at the top of the page if you're in the editor

You'll see the page restrictions dialog listing the users and groups that have permission to view or edit the page.

Screenshot: Page Restrictions dialog showing viewing restricted to the 'developers' group and editing restricted to two users. 

Remove restrictions from a page

If you need to remove existing restrictions, choose Remove restriction next to the user or group.

Request and grant access to view a restricted page

If you navigate to a page that you're not able to view because it has page restrictions applied (for example from a link or page URL) you may be able to request access to the page. 

To request access to a restricted page:

  1. On the restricted page choose Request access
  2. Wait for an email confirming that access has been granted

If the request access message doesn't appear, you're not able to request access for that particular page. This usually is because the page has inherited view restrictions from a parent page, or you may not have adequate space permissions.

To grant access to a restricted page:

  1. In the request access email, choose Grant access
    You'll be taken to the restricted page, and a dialog will appear with the access request
  2. Choose Grant access

 

The user will receive an email confirming that access has been granted. 

This process is the same as navigating to  > Restrictions and adding a 'View' restriction for the user. 

 

Who can grant access?

To grant access to a restricted page you will need to have permission to edit that page, and have the 'Restrict' or 'Admin' permission for the space.

Confluence will send an email to a user who can grant permissions. The sequence that Confluence will use to search for the appropriate user is:

  1. The last person to edit the page
  2. All non-admin users that can set permissions on the page (given that an admin user can always set permissions)
  3. The page creator
  4. All the space administrators

Confluence will try each of these roles in turn, emailing the first user that has appropriate permissions.

View all restricted pages in a space

You need space admin permissions to view the list of restricted pages in a space.

To view restricted pages:

  1. Go to the space and choose Space tools > Permissions from the bottom of the sidebar

  2. Choose Restricted Pages

If your space uses the Documentation theme:

  1. Choose Browse > Space Admin from the header

    Note: The Space Admin option appears only if you have space admin permissions, or if you're part of the 'confluence-administrators' group.

  2. Choose Restricted Pages in the space administration options

Screenshot: Restricted pages in a space

 

Notes

  • You can't exclude yourself 
    As creator or editor of a page, you can't use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again. 
  • Space Admin and System Administrator access to restricted pages 
    Users with 'Admin' permissions in a space, or users with the System Administrator global permission can remove restrictions from pages, even if the page restriction prevents them from viewing the page. Go to  Space Administration  >  Restricted Pages.

105 Comments

    • How do I modify the page restriction 'notification' page that is returned so that I can indicate who the user should contact when they come across a restricted page?
    • How do I display the list of page restrictions inline on a given page, to make it clear to users to whom the page is restricted?
    1. Hi James,

      How do I modify the page restriction 'notification' page that is returned so that I can indicate who the user should contact when they come across a restricted page?

      If you would like to change the page that shows the "you cannot view this page" notification, then you may want to give a try to modify the pagenotpermitted.vm file which is located in the <confluence.home>/pages directory. Please ensure that you have made the appropriate backup of pagenotpermitted.vm file before proceeding with the modification.

      How do I display the list of page restrictions inline on a given page, to make it clear to users to whom the page is restricted?

      Unfortunately, I'm not aware of any plugin or macro that would meet your requirement. To my understanding, a list of restricted pages can only be seen by the space administrator. Perhaps you may want to search through our confluence extension to see if there are any available plugins which might meet your requirements.

      Regards,
      Choy Li

      1. Thanks. Already did but couldn't find anything appropriate there. Will use the pagenotpermitted.vm mod. Thanks.

      2. Anonymous

        The use of the .vm file to modify the "you cannot view this page" notification is not flexible enough.  Our enterprise Wiki has different teams/groups that restrict viewing of portions of their sites.  If a parent page has been assigned viewing restriction, they should be able to provide a custom response for users who do not have viewing access to that page or any of its children.  That response will direct the user where to go to acquire access.  There may be several different contacts/instructions within a space.

        1. I would suggest you to raise a feature improvement detailing your requirement at:

          Regards,
          Mei

          1. Has the feature request been raised for now?

  1. Just a quick check... why are 'Edit' restrictions not inherited when creating a child page underneath an already restricted page? Is it because people can not edit a page that they can not view?

    I'm thinking that ALL restrictions should be inherited by default IF the parent page (or a previous parent page) contained restrictions, and then just before the page is saved, an alert informs the creator that the child page has inherited the same viewing/editing restrictions as a precaution, and displaying them if possible.

    Then, if the creator of that page needs to modify the restrictions, they can simply re-edit the page and modify the restrictions accordingly. This way, it should minimise the chance of anyone creating a child page in a protected area with more open permissions by mistake.

    What do you think?

    kind regards,
    Paul

    1. Anonymous

      Now I have the same problem. I want to restrict the editing of a page and also the children (nearly about 60) and the restriction is not inherited (sad).

      1. Hi,

        We are aware of such needs and there is an improvement request being tracked at the following:

        If you are keen on this improvement, please do cast your vote to increase its popularity and add yourself as a watcher to the issue for future updates. Also, feel free to add comments to the improvement to reflect the importance of this request.

        Regards,
        Choy Li

        1. Agreed..... YES> If a page is restricted for editing, there should be an option to restrict all the children as well...

          Bruce

      2. Anonymous

        Same Problem here! Is there a solution already??

  2. I have some trouble with the restrictions as well. Scenario:

    Now I want someone to be able to access Subpage2, Page4 and its children only - but not Page1, Page2, Page3, Page5-99. How do I do that?
    From my understanding I have to set permissions for all pages manually to keep them from getting displayed, including every newly created page in both spaces.

    Is there a way to do this better?

    (I would like something like a "positive list", a way to add a user/group to a page so the person in question can access exactly this one page (and maybe its children))

    1. Hi Thoralf,

      I believe there is no easy way to achieve this. Indeed, the workaround that you have suggested is one of the possible ways.

      Now I want someone to be able to access Subpage2, Page4 and its children only

      Another tedious workaround that I can think of for this is to provide the following scenario:

      1. Having a space created
      2. The space should consist of two main parent pages
      3. The first parent page is restricted from the specific user/group to be viewed
      4. The second parent page does not restrict the user/group to view the content
      5. Summary:
        Space
        - Parent page 1 (With restriction)
           -- Subsequently, the children pages would also inherit the permissions automatically
        - Parent page 2 (Without restriction to the user/group)
           -- Hence, the children pages are also viewable by the user/group
        

      Additionally, I have also found a feature request that might meet your requirement being tracked here:

      Feel free to cast your vote to increase its popularity and add yourself as a watcher so that you will be notified if there are any updates. Also, please add comments to the feature request to truly reflect the importance of the feature to you.

      Cheers,
      Tony

      1. Voted.

        Another workaround that might help:
        Adding an additional "default group" that every regular member is part of and auto-adding this group to the acl of every newly created page.
        The question is: how to set acls for a page automatically when they are created? Is this even possible?

        1. Hi Thoralf,

          Unfortunately, I am not aware of the automation feature that you have suggested. However, if you are keen on this feature, you may want to raise a new feature request for this in our Issue Tracking system to share your idea and the importance of having this feature.

          Cheers,
          Tony

      2. Anonymous

        is the conf 7089 still going to happen?

  3. Our own-hosted installation of Confluence is connected to an LDAP server for management of users and groups. With confluence 2.7.1 I thought you can now give permissions to pages for single users. But in this scenario it does not seem to work:

    1. SPACE-X is restricted for viewing and editing to GROUP-Y
    2. PAGE-Z is in SPACE-X.
    3. PAGE-Z is edited and restricted for viewing and editing to GROUP-Y and another PERSON-A (who is not in GROUP-Y)

    But PERSON-A still cannot view or edit the page! Is it wrong configuration, a bug, or a feature? We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?

    1. Hi Jakob,

      This is the expected behavior where users/groups which are granted with view/edit page restriction, they are the only users/groups which have the permission to view/edit the page.

      We would like to invite additional people to collaborate at pages that are restricted by default. How can we do this?

      I would suggest you to raise a feature request at our issue tracker https://jira.atlassian.com.

      Regards,
      MG

      1. Anonymous

        I don't believe that is what Jakob was saying -

        I have SPACE X that is open to all for viewing, but only GROUP-A can edit pages in the space.

        I want to be able to invite PERSON-B, who is not in GROUP-A, to edit a page in SPACE X.  So I got into the page, change the restrictions to GROUP-A AND PERSON-B, but PERSON-B still cannot edit the page.

        The only way we can get them to have permissions to edit the page is to grant PERSON-B edit permissions to all of SPACE-X.  Not exactly what we want to do.

        1. Hi,

          This is indeed the behavior in Confluence. In order to grant/assign the Page restrictions in the page, the user must have the space permission. For example in your above scenario, the PERSON-B must have the "space permission to create and edit pages" in order to set the page restriction to the page.

          You can find more information from the detailed doc below:

          Regards,
          MG

  4. The "How to Open Part of a Space" scenario has the significant downside of not being able to restrict access to Mail, News, and other non-page related content. Maybe this is more of a comment on providing a space's general View permissions at a finer grain.

    1. Hi Peter,

      Thanks for your opinion on this matter. You might want to vote or put your comments on the following feature requests:

      Hope that helps.

      Cheers,
      Azwandi

  5. Anonymous

    I have the problem, that i don't want that anybody can add pages

    Space1 - Page1 (here I want, that only group A can add pages)

    • Page2 (here I want, that only group B can add pages)

    there must be another way than creating different spaces, or?

    1. Hello there,

      If I understand correctly, do you wish to confirm if Confluence can restrict the addition of pages 'within' an existing page, to specific users or groups?

      If so, then unfortunately this feature is currently not available. However, this has already been raised as a JIRA issue in CONF-9374 and you can vote on it to increase its chances of being fixed in a future version.

      Best regards,

      Giles Gaskell
      Technical Writer
      ggaskell@atlassian.com
      ATLASSIAN - http://www.atlassian.com

      1. We also really need this feature, but I don't have access to the CONF-9374 ticket you mention. Is this supposed to be public?

        1. Hi Jason,

          Indeed, CONF-9374 is restricted from public due to security reasons. However, I believe that Giles was trying to point to CONF-7089 instead, as it is more relevant to this requirement.

          Hope that helps.

          Cheers,
          Azwandi

  6. Anonymous

    I am having pretty good luck with restricting page viewing and editing in my space.  My question is how can I prevent comments on a particular page.  I know how to do this at the space-level, but not the page-level.  Furthermore, I'd like to restrict people from adding child pages at the page level.  Are these tasks possible or would I need to create a feature request?  Thanks!

    1. Hi,

      There seems to be a good ongoing discussion on these matters at the following feature requests:

      Feel free to chip in, cast your vote and assign yourself as a watcher to be notified on future updates. Hope that helps!

      Cheers,
      Azwandi

      1. Anonymous

        Thanks very much!  I will vote on and track these requests.

  7. Inherited restrictions do not work very effectively. I am able to find the pages when searching, and open them too, despite the fact that the parent page has view restrictions for "Anonymous" Users.

    I used Confluence 2.10; is it a bug in it?

    1. Hi all,

      I am having the same problem.

      I have view restrictions on a page called Entity Pages for the group some-group. Only users in this group can view Entity Pages. But all users can view the children of Entity Pages.

      Is this a known bug in Confluence? I am using Confluence 3.2.1

  8. Hi all,

    I see that many people have sophisticated needs... but I should have a "simple" problem with restrictions (I have Confluence 3.0.1):

    I have a user with a default personal space. I mean "default" because we did not change the default page and personal space permissions: confluence-users can view all the personal pages but only the author and space owner can edit the pages.

    Now this user creates a page inside his personal space and he wants that another user can edit only this new page.

    He followed all the instructions in the docs and now the page reports:

    Only Axxx can edit this page. (set by Axxx at 11 November, 2009 15:17)
    Only Bxxx can edit this page. (set by Axxx at 11 November, 2009 14:50)

    Obviously Axxx is the space owner.

    Unfortunately user Bxxx still is not able to edit the page but he can see its name as a user with edit permission on it.

    What is wrong?

    Thank you in advance

  9. Anonymous

    Why are the 'Edit' restrictions not inherited by children pages? This would make it easier to have different topics from different departments in 1 wikispace.

    I know its possible on wikispace level, but i need to have different permissions for pages in one wikispace

    1. Hi,

      I found a feature request in JIRA:

      Please add your comments to the discussion, vote on it and add yourself as a watcher for future updates. Also, please bear in mind the following document on how we schedule features for inclusion in our products: Implementation of New Features and Improvements.

      Hope that helps.
      Best rgds,
      Zed

  10. Anonymous

    I have a restricted page with links to attachments. The links to the attachments are disabled for people that do not have viewing permissions but if they go to the "attachment" menu option of the page, they are able to see them and open them.

    How can I protect attachments as well?

    1. Anonymous

      I also need the ability to restrict access to Attachments so that they are not viewable / accessible from anywhere.  This is an old question but I can't find an answer.  Is it possible now and if so, how?  Thanks - Ruth

       

       

  11. Anonymous

    is there an answer to this ?????

  12. Anonymous

    I have a similar problem with page restrictions. I can access the function when editing a page, but when I try to Restrict viewing of this page or Restrict editing of this page nothing happens. I have added both me, groups and users but with no result. Any ideas?

  13. Is there any way to apply security to portions of a page?  In the older versions we could restrict certain things in a page to certain people/groups.  I'm trying to do this with Confluence 3.3.1 and can't figure out how.

    Example:
    If I have a Business document and I want to have a section of the page that contains links to the technical specifications, I want that link only viewable by my developers, not SMEs or Sales.

    Thx,

    -Jay

  14. I like the non inheritance myself. I think this is important. My issue is that edit permissions are defaulting as restricted. I want it to default as editable by the groups with access to changing pages.  I just changed my space permissions so that no one can restrict pages (assume this means editing). Older pages did not inherit this change. I can get to the screen where I can change permissions, but I can only do it for my pages (I am a system and space admin). i want to change a BATCH of pages with restrictions. How can I make a batch change?

  15. Anonymous

    Since the upgrade to 3.3.x our Confluence instance does not allow to change page restrictions using the Security Lock symbol or by tools/restrictions. The dialog lightbox does not pop up. We can remove restrictions by going into page edit mode and select restrictions:edit - but here we can only remove restrictions already set but not add new restrictions. We traced the HTTP communication between Firefox and the server and we will get a 404 for the URL, like this

    GET    404    text/html    http://confluence/pages/getpagepermissions.action?pageId=1998953&parentPageId=&parentPageTitle=

    What's happening? We strongly need a solution.

    Thanx for any help and suggestions.

    Dennis

    1. I have the same issue. I am a system administrator and on some pages I can't remove restrictions at all unless I go at it through the admin panel. Firefox and Safari behave the same.

      I think that I have not had a problem with most pages going forward, but old pages are funny. Check to see if this is true for you. 

      1. Anonymous

        We cannot change page restrictions on any page using tools/restrictions. On old pages we can remove restrictions while going into edit mode and open the restriction dialog there. All kind of users have this problem. The problem occurs with Firefox and Internet Explorer.

        We strongly need a solution cause some of our managers do not like to add data without having access control to it.

        BTW Our Confluence requests server resources which also cannot be found, e. g. the picture /s/1925/200/8/_/images/icons/view_16.png :-( It should be the eye on the restrictions dialog pop up.

        1. Anonymous

          We solved the problem :)

          We have customized layouts in our Wiki. We reset to the default layouts from 3.3.3 and our changes to the new layout definitions and the page restrictions worked fine.

          In future we will keep care of our layouts ;-)

          Dennis

          1. Anonymous

            More specifically, you just need to add the following line to your page layout.

            #parse("/decorators/includes/page-content-includes.vm")

            Then it would work fine =)

  16. Anonymous

    Note of caution - I've been able to set up two areas that provide public and private permissions and this works fine.  However if you use the include/import macro on the public page so that it include content from the private page so that content is available on both private and public pages for those with the correct permissions, if you then edit the public page, an email notification is sent to those watching the public page which includes both the public content and the imported / included content - regardless of permissions.

  17. Anonymous

    I want to restrict the error of 404 which is coming when users give somepagename.aspx in url after the main url of the project. Pls help me with the same. thanks in advance.

     

  18. We have a lot of departments under one Confluence space- and it would be much better if edit permissions were, like view permissions, inherited- otherwise anybody can delete any page of the other departments. Is this something planned for the future?

  19. Anonymous

    Jay has already asked this question, but since he didn't get an answer I will ask again: is there any option to restrict just a part or a specific area of the page? I know there's a plugin to block such page portions, but it's just not visible and still not restricted (there could be some security issues).

    Also, if a page is restricted for a particular user, is it shown in the page hierarchy on the left sidebar? Has anyone any experience with restricted child pages that are structured as tabs on a parent page? In particular is there a tab shown for a restricted child page?

    1. Hallo there

      There is no option in standard Confluence to restrict just part of a page. However, you could put the restricted content into a page, restrict that page and then use an Include Page macro to include it into another page. This is only a partial solution: People who don't have permission to see the included page will see an error message instead of the restricted content.

      Restricted pages will not appear in the page hierarchy on the left, when viewed by someone who does not have permission to see the page. If you specifically add a link to the restricted page on another page, that link will be visible, but not clickable, for people who don't have permission.

      I don't know about tabs – I'm guessing you're using a plugin to create the tabs, so it would depend on the plugin's behaviour.

      Cheers, Sarah

       

      1. Anonymous

        Thank you very much for your answer!

        Regards,

        Marta

         

  20. Is there an easy way to find out where a 'group' is being used to restrict on either a Space or Page? I have a few groups that were set up years ago and I need to know if it's safe to delete them. I need a way to be able to plug in a group name and see all spaces and pages that it's being used on. I'm happy to trawl through the database to do this, but I don't really know which tables I should be looking at to give me the answers.

  21. Anonymous

    Hello,

    Is there a way to view a "change log" or history of when the page has been locked or unlocked?

    Thank you!

    Laura Bantug

  22. I don't believe I saw this question answered elsewhere, though I did try to carefully read the comments and search Confluence:

    I would like to be able to temporarily log in to Confluence as another template user to ensure permissions have been set correctly before sending information out more broadly.  To explain what I mean, I'll give a simple example of our set up and what I'd like to be able to do:

    • We have a workspace with 10 page  
      • Everyone can see the workspace, but pages are generally restricted by user/group
      • Everyone at the company can see at least the 3 pages that have been reviewed and OK'ed for public consumption
      • Group 1 are "contributors" and can see all 10 pages
      • Group 2 are "reviewers" and can see the 3 OK'ed + 5 more waiting to be reviewed (2 are hidden from them)
    • I'm a "contributor" from Group 1 and I'd like to be able to see Confluence from the perspective of EITHER a "Group 2 reviewer" or "someone at the company who isn't in either Group 1 or Group 2
      • My question:  Is there a better way to do that without setting up dummy users?
    1. You could use confluence su to impersonate another user. Until plugin v. 1.2.5 it is free. Such version does work on confluence up to 4.3.7 (tested)

  23. Hi,

    I have the following page structure:

    • Page 1
      • Page 1.1
      • Page 1.2
        • Page 1.2.1
        • Page 1.2.2
      • Page 1.3
    • Page 2

    For page 1.2 and its child pages (1.2.1, 1.2.2) I would like to restrict the viewing to everyone except few selected people. How do I do that? Our company employs 500+ people and we're using LDAP for people and groups directory.

     

  24. Restricting page access is super easy to do, but what is the preferred method for allowing page access to individual pages? I have a case where I need an individual to be able to view a single page inside a space he does not have access to.

    1. Has anyone figured this out? I don't want to allow a user access to a space and restrict viewing to all other pages except one for every other user. 

      1. Hi Logan,

        There's no easy way to do this at present, but there are a couple of workarounds you can use. Probably the easiest is to create a new space with your preferred permissions, then copy the page into that space.

        I know it's not a great solution, but we are working on a better solution for this scenario.

  25. I would very much like to hear a response from Atlassian on Jeremy Seely's question.  This is an issue that is currently making Confluence difficult for us.  A common scenario is that I have a space that has public view permissions but editing is restricted to a few users.  Sometimes users of this space want to collaborate with someone outside the team, so we want to grant a specific user or set of users access to edit a specific page.  It isn't always the same users so creating a new space each time would be hugely cumbersome.  Plus someone else altogether has space creation permissions.  How does Atlassian suggest handling this workflow?

  26. Anonymous

    I have the same problem. I would like to allow access to a single group of pages within the wiki to an individual but would rather not give them access to the whole wiki space. Can you help? I do not want to add them and then have to restrict all the other pages that they don't need access to.

    Thanks,

    Jen

    1. Jen,

      That is pretty much the workaround that we are doing at my workplace. We add the user to the space as View (All) and Add (Pages), but then we lock the restrictions to the page(s) inside to groups, etc.

      Ross

  27. I have the same issue. We would like to be able to add one or two users to be able to view a specific page within a restricted area. Will we need to pull the content into another space for them to see it? Or can we let them see a page in a space without adding them to the space group and restricting their access to the 100+ other pages in that space? 

  28. Anonymous

    Is it at all possible to prevent editing when some one else is to prevent edits from saving over each other, or can we see who is editing when another person edits

  29. Is there a way to control permissions on a 'Page' where I want to disable Comments or blogs?

    I still want to have users have the permissions to edit a page or add pages to some but not all pages

     

    thanks

    Pete

  30. Is there any way to prevent a page from being searched but still allow it to be viewed by anyone?    Or a way to lower the relevance of a given page in search?

    We have some very large specs.  They are very old and date back before confluence 4.0.  Now seems that they take very long time to save in confluence 5.2  Not sure why but we've found if you just copy and paste to a new doc, the performance issue with saving is gone. So I'm going to archive these to new names (I don't really want to delete since they have a lot of change history) but I don't want these convoluting search results.

    Another use case is that we have change specs in any one sprint.  Then we merge to main specs.  We may go 2-3 sprints before we get time to merge specs.  So folks need to search a lot for info.  So I'd like to lower the priority of the change specs once I have merged them.  Is this possible?

    1. Hi Steve,  it is not possible to restrict particular pages from the search; however, archived spaces do not show up in the search, so that might work for you.   If they are in a space that you do not want to archive, you could move the pages to a new space first, and then archive that space. 

      As for the slowness you are experiencing with your pages, it might be worth contacting Support about this.  

  31. Hello

    Regarding

    "Space Admin and Confluence Administrator access to restricted pages

    Users with 'Admin' permissions in a space, or members of the 'confluence-administrators' group can remove restrictions from pages, even if the page restriction prevents them from viewing the page"

    With an older version (3.2.1) I see that a confluence-administrator can see all pages, "even if the page restriction prevents him from viewing the page" ... without having to remove the restriction... Is this normal? Is this still the case in most recent version?!

    Thanks.

    1. Hi Christine,  the names of permissions and groups can be confusing here. Users with the System Administrator global permission (which is granted to the confluence-administrators group by default) can see all pages, even if they have restrictions. 

      Users with the Confluence Administrator global permission cannot see restricted pages, but do have the rights to specifically remove permissions from a page, and then view it. 

      Sorry the group names and permissions being so similar makes it quite confusing. 

      1. hi Rachel

        Thanks for your detailed answer. Indeed, I was confused. Even in my old version, there are 2 distinct global permissions: confluence administrator and system administrator

        But I tested confluence administrator, said to be "Can administer the application but is disallowed from operations that may compromise system security." , in my version 3.2.1. Well, a user with such permission indeed does not see restricted pages, but ... he/she may ... edit the global permissions... Is this normal? and still the case in most recent version?

        Thanks.

        1. Hi Christine, yes, the behaviour is the same in the latest version.  Users with the Confluence Administrator global permission cannot see restricted pages by navigating to them or search - but they can remove the restrictions, and edit global permissions. 

  32. The feature to request access to a restricted page (as introduced by Confluence 5.3) does provide the request button when the URL which the user entered is on that level where the view restriction has been set.

    In practice, it's very likely that the shared URL is a page on a deeper level. In this case, there is no such request button.

    It would be good to show this button in this case as well. (I understand that the administrator will have to investigate at which place to remove the view restriction. It won't be a simple click in the received email.)

    Also, when the shared link goes into a space where the user does not have access on the space level, the result will be even different. (a search result list for all kind of other hits anywhere in the system. Not helpful)

     

    It would be also good to have a similar solution when a page holds a link where the user has no view access.

    The current implementation is that there is no URL provided under the link, so again the user has no way to access request.

     

    Are there any existing enhancement requests on any of these topics already?

  33. Hi, I am using the documentation theme and have applied view and edit page restrictions here: http://skb.sterland.com/display/TEMP/Test+of+adding+a+draft+page but cannot see the padlock icon. Is there a bug or is it something I have done incorrectly? Thanks Debbie

    1. Hi Debbie, sounds like there could be a bug.  In the documentation theme the padlock icon should appear to the left of the page byline (with the name of the page creator etc). One thing to check is if your site has any Custom CSS (either in the space or globally) as this can sometimes cause parts of the UI to not display correctly. If that doesn't help, contact Support who will help you troubleshoot the issue. 

      1. Hi Rachel,

        I'm new to Confluence and .css and .html so a complete novice, but I do recall I read somewhere how to edit the .css to remove the 'Last created by' which I wanted to remove. Now I can't find that info on the Confluence site.

        Is this the .html below that I should remove from the .css to reinstate the page creator etc? If not, can you send me the link to the info?

        .page-metadata UL LI {
        display: none;
        }

        Do I have to have the 'Last created by Last updated by' to be able to view the padlock in documentation theme? Is there no workaround?

         

        Thanks very much,

         

         

        1. Hi Debbie, you could try using this instead - which only hides the modification info, and should leave the attachment icon and restriction icons visible.  

          However, be aware that custom CSS like this is not supported and can break when you upgrade Confluence. 

          1. That worked a treat. Thanks so much Rachel :-)
            When we do upgrade Confluence, how can we prevent things like this from breaking?
            1. Sorry one other question. When you have anonymous users, how do the page restrictions work as they don't have a user id or belong to a group as such to restrict them, do they? I don't want any of our 'view only' anonymous users to see our restricted content. thanks

              1. Hi Debbie, 

                Pages that have a view restriction applied can only be seen by the people specified (individuals or members of a group). Anonymous users cannot see any pages that have a view page restriction as they are not a member of a Confluence group. 

                You can also use space permissions to prevent anonymous users from viewing entire spaces if that is useful. 

                Re upgrading - if a class name or UI element has changed in the new Confluence version your Custom CSS may no longer work - this generally does not prevent Confluence from running, it just may make your spaces look a little strange (depending on how much you have customised it). After upgrading, if you notice problems I recommend removing any custom CSS and then working from there. 

  34. Reading all those comments, my impression is: you only can narrow down permissions down the page hierarchy, but you can't widen permissions. And respecting those constraints, implementation of CONF-5095 (Page edit permissions should be inherited by pages, like view permissions are) would save the day for many situations, but with over 300 votes still does not make it to the board.

     

    So, taking a look at Confluence Permissions Architecture I wonder if there are any 3rd party implementations on the market that resolve the shortcomings?

     

    I think the recent implementation works fine for s.th. like project spaces, where you typically have public areas and some confidential sub areas.

    But thinking of s.th. like an Intranet, I would like to provide read access to root pages, and delegate write access to sub pages to delegate editorial responsibilities. I am quite puzzled how I could achieve that.

     

     

     

  35. LW

    Have a question about permissions. I have a space where there is a group that has access to publish content (view/add etc) across the space. I want to give view/add access to one user on a page/children of that page within the space, but not access to all pages across the space. Is this possible? I've tried giving the user edit access via page restrictions, but they can not edit? We are using Confluence 5.4.4 and Zen.

    1. Hi LW, this is very tricky.

      First, the user needs add permission in the space. Even if you use page restrictions to grant editing permissions, the user needs to have Add permission in the space first. 

      Then you would need to restrict viewing and / or editing to all the pages this user is not allowed to see / edit.  This is where the hierarchy becomes difficult, as view restrictions are inherited, so they would need to be able to see all parents of the page they want to edit. 

      One workaround would be to store these pages in another space, and make the content available in the space using an Include Page macro, not ideal, but would allow you to grant some users full edit permissions on only some pages, and restrict it in the final space. 

      1. LW

        Hi

        Thanks for the response, and sorry for the late reply. Looks like a bit of an admin nightmare to be honest.

        Cheers

        Leesa
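The rules discussed in the thread above (space-level Add permission is a prerequisite for editing, view restrictions are inherited from every ancestor, edit restrictions apply to one page only), as an added example that is not part of the original comments and is not Atlassian's code. It is a simplified model: all class, function and page names are hypothetical, the sample data is constructed, and treating a page's listed editors as viewers of that page is an assumption taken from the documentation text.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Space:
    view: set     # users/groups holding View space permission
    add: set      # users/groups holding Add (Pages) space permission
    groups: dict  # group name -> set of member user names

@dataclass
class Page:
    title: str
    parent: Optional["Page"] = None
    view: set = field(default_factory=set)  # empty set = no view restriction
    edit: set = field(default_factory=set)  # empty set = no edit restriction

def listed(space, user, principals):
    """True if user is named directly, or via a group, in principals."""
    return user in principals or any(
        user in space.groups.get(p, ()) for p in principals)

def blocking_pages(space, page, user):
    """Titles of the page or its ancestors whose view restriction excludes user."""
    blocked, node = [], page
    while node is not None:
        # Assumption: anyone named as an editor of a page may also view it.
        if node.view and not listed(space, user, node.view | node.edit):
            blocked.append(node.title)
        node = node.parent
    return blocked

def can_view(space, page, user):
    return listed(space, user, space.view) and not blocking_pages(space, page, user)

def can_edit(space, page, user):
    # Space-level Add permission comes first; the edit restriction is checked
    # on this page only, because edit restrictions are not inherited.
    if not (listed(space, user, space.add) and can_view(space, page, user)):
        return False
    return not page.edit or listed(space, user, page.edit)

# Constructed sample data: dave has View in the space but not Add.
SPACE = Space(view={"publishers", "carol", "dave"},
              add={"publishers", "carol"},
              groups={"publishers": {"alice", "bob"}})
HOME = Page("Home")
INTERNAL = Page("Internal", parent=HOME, view={"publishers"})
SPEC = Page("Spec", parent=INTERNAL, edit={"carol"})
GUIDE = Page("Guide", parent=HOME, edit={"carol", "dave"})
```

`blocking_pages` answers the audit question an administrator faces when a user cannot open a deep link: which page in the ancestor chain carries the view restriction that shuts them out.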

  36. Is there a method of restricting the creation of new child pages? I have a space home page that users will create child pages under, when they should not. These new pages should be children of the appropriate child page.

    1. Hi Don, sorry there isn't a way to restrict this.  You can prevent users from creating pages using space permissions, but not force them to create pages in a particular location. 

      One thing that some customers do is to use the Create from template macro (as seen on some of the blueprint index pages) as a way to encourage users to create pages under the correct parent. 

  37. Is there any way to make a bulk, page-level, edit restriction change to most but not all pages in a space?

    1. Hi Mike,

      Unfortunately, there's no way to do it in the UI, or through the REST API, that I'm aware of. Feel free to make a feature request though.

  38. Hi, is there a way to automatically set restrictions on new pages before they are created, so the new page would be viewable only to specific users/groups? I know you can do it manually when you create the page, but it'd be nice to set a default so contributors don't have to think about it. Thanks!

    1. Hi Pete,

      The way to do it would be to create a space (or more than one if you need to) and revoke the 'view' permission from the group or groups you don't want to see pages in that space. That way, any pages created in the space would only be viewable to users or groups you grant the view permission to.

      1. Whoa, thanks for the speedy reply, Giles Brunning!

        Hmm, so in essence, I should create a "draft documentation" space, then move the content to the production space(s) when done?

         Our layout is such that I've created a space for each product version. It'd be ideal to have a template or something where we create new docs, they are by default not visible (this is a request from my support team who want to help out with the docs – they'd prefer the writing/editing staff (AKA "me") to review content before it goes live). 

         It might just be easier to include a step in our writing process for authors to set restrictions when a new page is created. 

        Thanks!

        1. A draft documentation space would do the trick, but it might, as you say, be easier for them to just add the restrictions as part of their page-creation process.

          You can take a look on marketplace as well. There are a couple of plugins for drafting and publishing.

  39. Is Confluence working on creating a macro that would let me restrict content on a single page? I'd like to be able to set restrictions on a content-level basis rather than a page-level basis. Is there a plug-in for this? We manage wikis for both our internal employees and our customers, and this would make it easier to integrate content that is applicable to both parties.

    1. Have you tried the Visibility plug-in by ServiceRocket?

      https://docs.servicerocket.com/display/VIS/Visibility

      It works well for us and it also keeps the content out of the page source, so it's not just hidden in HTML comment tags.

  40. Hi Atlassian,

    I would like to create page-trees where the child page has different permissions than the parent page. e.g. A parent could have view restrictions, and the child page different view restrictions. Is there an open ticket for this, or any possibility that this may come about?

     

    Thanks,

    Alice

    1. Hi Alice,  I've had a quick look, and can't see any issues about non-inheriting page restrictions, feel free to raise the suggestion yourself.  There's no way to stop child pages inheriting the view permission of their parent pages. 

       

       

  41. Hi Atlassian, 

    I saw it mentioned earlier but it didn't appear to have been answered. Is there a way or possible upcoming feature which allows for a page to be view-able and editable but cannot be deleted?

    1. Hi Henry, the only way to prevent users from deleting pages in a space is to not grant Delete Page permission in the space permissions. 

      There's no way to do this on a page by page basis. 

  42. Hello, is there a limit to the number of users that can be given view access to a page using restrictions? We noticed that once we have given approx. 60 users view rights, it is not possible to open the page restrictions dialog anymore using the padlock icon or "Tools/Restrictions" . If we delete 5 users using "Page information / Page permissions", then the dialog can be opened again. This leads me to believe that there is a limit at 55 users. Can you confirm this and is there a workaround? We are currently using Confluence version 5.4.4

    1. just curious, why don't you group them?

      1. Our users are not managed locally in Confluence. We connect the users through an external user directory.  It is therefore not possible to add them to local Confluence groups. This is a pain for managing page restrictions but these can only be set at user level.

        1. there is no limitation (as far as I'm aware) of grouping users from external directory (LDAP) into local groups. We are doing this all the time. (we are also on 5.4.4).  It is also possible to configure the LDAP adapter to import groups from the LDAP, if such exist in your directory.

           

          1. We have a special connector which allows us to use SAP User Management Engine as user directory. Unfortunately it is not possible to add users from this source to local groups. We are able to import groups from SAP but we do not want to manage grouping for page restrictions in SAP.

  43. Hello Community!

    Just one quick question/use case

    1. User X can see a Pagetree with different Pages.
    2. User X clicks on a specific Page from the Pagetree.
    3. User X can't see the content of the page, but can request access.

    As long as I understand that, this only works via the "share" function and if a user clicks on a page link for example. 

    Any ideas on that? Thanks!