Permissions and restrictions
As a tool for communication and collaboration, we believe Confluence is at its best when everyone can participate fully. Confluence keeps a history of all changes to pages and other content, so it's easy to see who has changed what, and reverse any changes if you need to.
Confluence does, however, give you the choice to make your site, spaces, and pages as open or closed as you want to.
Levels of permission
There are three levels of permissions in Confluence:
Global permissions
Global permissions are site-wide permissions, and are assigned by a Confluence administrator or system administrator.
Global permissions cover things like whether a user can log in or create a space. They don't really interact with space permissions or page restrictions.
For full details, check out the Global Permissions Overview.
Space permissions
Every space has its own independent set of permissions, managed by the space administrators, which determine the access settings for different users and groups.
They can be used to grant or revoke permission to view, add, edit, and delete content within that space, and can be applied to groups, users, and even to anonymous users (people who aren't logged in) if need be.
For full details, check out the Space Permissions Overview.
One thing to watch out for is where a user is a member of multiple groups. You may have revoked permission for that individual user to add pages, for example, but if they're a member of a group that is allowed to add pages, they'll still be able to create new pages in the space.
If you can't get the result you want from space permissions, or you're not sure, check with one of your Confluence administrators to determine what permissions you should apply to individuals and groups.
Page restrictions
Page restrictions work a little differently to global and space permissions. Pages are open for viewing or editing by default, but you can restrict either viewing or editing to certain users or groups if you need to. Page restrictions can be applied to published or unpublished pages and blog posts (drafts).
Don't forget, every page in Confluence lives within a space, and space permissions allow the space admin to revoke permission to view content for the whole space. Even the ability to apply restrictions to pages is controlled by the 'restrict pages' space permission.
For full details, check out Page Restrictions.
How do permissions and restrictions interact?
You can restrict viewing of a page or blog post to certain users or groups, so that even if someone has the 'view' permission for the space, they won't be able to view the content of the page or blog post.
If someone is a space admin and you've used page restrictions to prevent them viewing a page, they won't be able to see the page when they navigate to it. As a space admin though, they can see a list of restricted pages in the space and remove the restrictions.
Check who can view a page
To check who can view a page, go to
. This will show a list of people, including administrators, who have space permission to see the space, and are not prevented by page restrictions from seeing the page. See Check who can view a page for more information.The diagram below shows the points at which someone could be prevented from viewing a page.
- Site - they don't have permission to log in to Confluence.
- Space - they don't have permission to view the space.
- Parent page - the current page has a view restriction preventing them from viewing.
- Child page - the current page is inheriting a view restriction from another page higher up in the page hierarchy, preventing them from viewing.
What about links?
Space permissions and page restrictions affect how links between Confluence pages are displayed.
- If someone doesn't have 'View' space permission, links to pages in that space will be visible, but they'll get a "page not found" message. The space key is not revealed in the link URL.
- If someone has the "View" space permission, but the page has view restrictions, the link will be visible but they'll get an "access denied" message when they click the link.
Links to attachments are also affected. If the visitor doesn't have permission to view the page the attachment lives on, the link won't be rendered.