Confluence 5.2 has reached end of life
Check out the [latest version] of the documentation
Page restrictions allow you to control who can view or edit individual pages. You set the page restrictions using the Page Restrictions dialog, either directly by choosing Tools > Restrictions, or when editing a page.
For instructions on using the Page Restrictions dialog, refer to Setting a Page's Restrictions.
When a page you are viewing has restrictions applied, a small padlock icon
appears next to the page byline. Clicking the padlock will open the Page Restrictions dialog, where full details on the page restrictions are displayed.
On this page:
Screenshot: The Confluence Page Restrictions dialog
The Confluence Permissions and Page Restrictions Hierarchy
Permissions and page restrictions in Confluence work within a hierarchical manner. For example, users who can access and modify global permissions (for instance, Confluence Administrators) can define which users can access and modify space level permissions (that is, space administrators). Space administrators can then define which users have access to create and modify pages. These users in turn can then apply viewing and editing restrictions to a page. By inheritance, these restrictions will also be applied to any child or descendant pages which are then added to that page.
See the diagram below for an illustration.
Diagram: Confluence Restrictions Hierarchy
Requirements for Setting Restrictions
In order to set or modify page restrictions, you need to have both:
- 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
- Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.
Page Security Rules
Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:
- Anonymous users are directed to the login page.
- Logged-in users are shown a permissions error page.
It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content.
Users will still be able to find the page if they know its URL. But they will not be able to view the content if they don't have the correct permissions.
Inherited Restrictions and Child Pages
If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.
'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editing of pages. See Space Permissions Overview.
Example of Child Page Restrictions
Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.
For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.
Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.
How to Open Part of a Space
If designing a large site implementation with this strategy, consult Page Restrictions Performance Considerations.
Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:
- Add 'view' permission for both groups A and B in space permissions.
- Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
- Add a page restriction to allow Group A and B to see this page.
- Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.
You can repeat this with any page hierarchy.
Administrators
- Space administrators are responsible for the management of a space and its contents. They therefore have the ability to remove all restrictions from a page (as described in 'Viewing Restricted Pages'). This means that space administrators can view and edit all content in the space.
- Users who are members of the 'confluence-administrators' group ('super-users') cannot immediately see pages from which they are excluded by page restrictions. Also, to be able to edit the page, you will need to remove the restriction from it first – go to Space Administration > Restricted Pages.
You cannot exclude yourself
As creator or editor of a page, you cannot use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again.
Related Topics
View a Page's Restrictions
Set a Page's Restrictions
View All Restricted Pages
Page Restrictions Performance Considerations
Take me back to the Confluence User's Guide.
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.