Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.

Skip to end of metadata
Go to start of metadata

A 'user' is the account for an individual who accesses Confluence.

New users are created by an administrator via the Administration Console

New users are created by administrators, who can also group users together into user groups for more convenient administration. This means that any permissions you assign at the site, space and page levels can be assigned to a whole group. A user in one of these groups will automatically be granted all permissions granted to the group.

There are two special groups in Confluence:

  • confluence-administrators - these users have permissions to administer users and access the Confluence Admin console.
  • confluence-users - this is the default group into which all new users are assigned. Permissions defined for this group will be assigned to all new Confluence users.

Your Confluence instance may include additional groups. 

Anonymous Users

Confluence treats all users who do not log in when they access Confluence as being 'Anonymous'. Administrators can assign permissions to this group separately.

Overlapping group and user permissions

Icon

When a user is assigned more than one permission, the more powerful permission will prevail.

Further explanation:

  • A user may be assigned a permission specifically to their username. They may also be assigned a permission by belonging to a group, or even several groups.
  • The user will then be able to perform all functions assigned to them.
  • So if a user is allowed to do something over and above what the group can do, the user will be able to do it. And if the group is allowed to do something over and above the specific permissions granted to the user, the user will still be able to do it.

26 Comments

  1. An important ommission to this documentation is how a space administrator can (or cannot) see the contents of a group. If he cannot see which users are a member of a group, he cannot decide which groups to use in assigning permissions. It appears that only Confluence Administrators can veiw this crucial information. If true, this page should say something like "Space administrators need to work with Conflunence Administrators to be advised on the usage of groups, since only Confluence Administrators can view and manage groups" If I am misunderstanding this limitation, and Space Admins can view groups, this page needs to say how, or provide a link to a page documenting how group info can be viewed.

    1. Anonymous

      Any user can view a groups membership by using the userlister macro.

  2. Anonymous

    Thank you for that information, but how does a space administrator edit a group once it has been added by a previous space administrator?

  3. How does one use / get this userlister macro?

  4. Anonymous

    Is there a limit on the number of Anonymous users allowed to access your content? And do these Anonymous users require a true license if they cannot edit but just look around at your Wiki etc?

  5. Anonymous

    Confluence 3.5.1 Upgrade Issues - Embedded Crowd for large enterprises

    Have any other organizations with a large user base (15,000+) and number of groups had issues upgrading to Confluence 3.5.1 or Confluence 3.5.x?

    What steps or solutions were taken to overcome the obstacles in Atlassian's recent *change in user management (*Embedded Crowd)?

    We are looking for solutions that we could easily leverage without using unsupported third-party tools and developing custom scripts.

    Any advice on a Confluence 3.5.x or 3.4.x upgrade?

  6. Are there any plans to allow Space Admins to maintain a confluence group of their own? This could be achieved with the ability to assign owners to groups.

    If group owners could also assign and remove group owners from groups they own, this would make life so sweet for the Confluence admin. I'd only have to create the group and assign the first owner to it.

      1. Thanks, but that project doesn't seem very active.

  7. Anonymous

    Scenario: You want to give a client view-only access to a page or space within Confluence.  But, you also don't want just anyone (any other clients) to see the content being viewed.  At the same time, you don't want to blow through your user limits. 

    Does confluence offer a way for companies to assign secure access to view-only content without taking up a user toward the license subscription?  It is my understanding that 'Anonymous' access, while it would solve the user license issue, would leave content exposed to other Anonymous visitors.

    What would be your recommended solution?  Do we need to set up confluence access behind a company login (not necessarily a Confluence login) for clients?

    Thanks in advance,

    -Jeff "Anonymous"

    1. Giving anyone, staff or client, just view only access to a single page isn't really the forte of a wiki. I can't imagine Atlassian would get much call for this feature. I've recently found you can customise Confluence for your specific needs using the Confluence XML-RPC and SOAP APIs.

      If I had a request to do what you're suggesting, I'd consider using webservices or perhaps a script with Confluence CLI to grab the content of the page periodically or on demand.

      Cheapest solution I can think of is to script a grab of a PDF copy of the page and email it to them periodically. Any solution that requires the user to login will be a bit more complex, then for the effort you might as well just pay to upgrade your user licenses. Hope that helps.

  8. Anonymous

    Is there a way to list all the spaces a group has access to?

    Thanks in advance

    1. I have the same question...

      1. Anonymous

        I'd like to see an increased role selection. For instance, in higher education, many times we have IT or academic support folks who we don't want to be full administrators working with faculty and students. We'd like to see a sub-admin where we can assign that person to a space and that person would have the ability to create groups within the space. An example scenario: a faculty member teaching two sections of the same course, uses one wiki space, but would like to create groups from both sections that include students from both sections for each group. I think this is a very common practice in the course management world and I can't hardly believe that the wiki would not want this feature as well. We have many requests for this. Any chance there is a way to do this now and I'm just missing it?

  9. I'm trying to figure out how to limit logged-in user's ability to add/edit pages yet preserve their ability to "Edit in Office' for Word & Excel attachments.  If I simply go into Space Admin and turn off Add Pages for the user group, the "Edit in Office" link disappears from pages in that space, for that user group.  Anybody have this figured out?

    1. Store all the documents on an unrestricted page, then use the Attachments macro to list the documents on the restricted page. The user will get the option to "Edit in Word" by clicking the cog and even upload more documents if you enable that option.

      1. The Attachments macros appears to only feed in attachments from the current page - I tried specifying a different space (by its short name), no luck. 

        I also tried using the Include macro to display attachments from a less-restricted page - result was that the tighter restriction on the page with the Include macro apparently overrules the looser restriction in the 'included' list. The test user ID didn't have Edit ability on the page, nor 'Edit in Office' on the list of attachments.

  10. I need to add a new option "publish" in the Global permission Page for  "Groups". Please Suggest How can I implement this one?

     

  11. I am unable to log in to Confluence after I restarted the same. i chose to use JIRA Server for user managment for both JIRA and Confluence. I even tried to update the admin password in the database, but nothing seems to help. This happened after I happen to restart Confluence. Before that everything was working fine.

  12. I would like to add that this is fresh install of Confluence. I also tried a couple of other things like tuned of External Directory managment in the database itself, updated the index. etc.. but the 'admin ' user created during Confluence install time just cannot login

    . I could not find any place like ldap authentication being done twice. The logs just say the following:

    2012-12-01 14:45:42,119 INFO [http-8090-1] [confluence.security.login.DefaultLoginManager] recordLoginFailure

    Failed login attempt for user 'admin':

     

    ------------

     

    2012-12-01 14:19:15,521 WARN [http-8090-1] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'administrator' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

     

     

     

  13. So is it correct, that the confluence-administrators group has a special handling, that does not rely on the permissions? If I am a system administrator, but I am not part of the confluence-administrator group, there seem to be certain things that I can't do, which seems to make a fool of the whole permission system... This should be noted with a big warning sign!

    1. I would like to know as well.

      We just ran into the problem that administrators cannot view restricted pages, even if they are in a custom admin group with full confluence and system permissions. However a user in the confluence-administrators group can view the same restricted pages. Version is 5.4.3

      1. Hi Luuk and Carsten, 

        In Confluence permissions can be granted to an individual or by being a member of a group. The default confluence-administrators group holds the Confluence Administrator global permission and the System Administrator global permission. 

        This means that members of the defaults confluence-administrators group are able to see all content, including restricted content, and access all administrator options - but this is granted by the System Administrator global permission. 

        Users with the Confluence Administrator global permission are able to access many admin functions (such as colour schemes, global templates etc) but not all.  They are also not able to see restricted content by default (they can however restore space admin rights to spaces, and recover permissions from restricted pages if necessary)

        If you're an OnDemand customer, the default group may be called administrators or confluence-administrators but only holds the Confluence Administrator global permission.  Only Atlassian staff administering the OnDemand instances have System Administrator global permissions in OnDemand. 

        It is also important to note that the group names do not matter, and in an installed instance of Confluence the group permissions may have been changed, or different group names used. 

        I hope this clarifies the situation a little for you. There is a comparison of the rights granted by the System Administrator permission vs the Confluence Administrator permissions here Global Permissions Overview

  14. Is there a way to define two sets of anonymous users? We have users that are allowed to read content during development stage, but a larger group that can read content only after it is released. Neither one of these users will be registered as a Confluence user because they cannot add/change content in any way.

    Is there a way to differentiate between these two groups?

    1. Sorry Rakefet, that's not possible - because anonymous users are not logged in, its not possible to identify them or group them.

      You could use space permissions to restrict anonymous access to particular spaces, and then enable it on those spaces once your content is ready to be released.

      Another option would be to allow your users to create themselves an account, but only grant them view access to content (this may impact on your licence user counts however). You would need to ensure that the default group that users are automatically added to on account creation (by default this is the confluence-users group) only has the permissions you would like these 'limited' users to hold. So although this solution might be effective, you'll need a fair
      bit of thinking and planning to get your groups and permissions right.

      Hope this helps