Global permissions overview
Global Permissions determine what a user can do at a site level, including whether they can log in, create spaces, or administer the site.
Unsure about the best way to set permissions in your site? Check out our Permissions best practices guide.
Overview of global permissions
The following global permissions can be granted to groups and individuals.
Global Permission | Description |
---|---|
Can Use | This is the most basic permission that allows users to log in to this Confluence site. Users with this permission contribute to your licensed users count. |
Personal Space | Allows the user to create a personal space. The space key will be their username. |
Create Space(s) | Allows the user to create new spaces in your site. When a user creates a space they are automatically granted admin permissions for that space. |
Confluence Administrator | Allows the user to access the Confluence administration console, and perform basic administrative tasks such as adding users, changing group memberships, and changing the colour scheme of the site. See the detailed comparison of administrator permissions below. |
System Administrator | Allows the user to access the Confluence administration console and perform all administrative tasks. See the detailed comparison of administrator permissions below. |
Grant global permissions
To grant global permissions to a user or group:
Go to Administration menu , then General Configuration. > Global Permissions
- Choose Edit Permissions.
- Do one of the following:
- Enter a group name in the Grant browse permissions field in the Group section
- Enter a username in the Grant browse permissions field in the Individual Users section
- Choose Add.
- The user or group will appear in the list. Select the permissions you want to grant.
- Choose Save all.
Screenshot: Editing global permissions
Revoke global permissions
To revoke the global permissions for a user or group:
Go to Administration menu , then General Configuration. > Global Permissions
- Choose Edit Permissions.
- Locate the user or group you want to edit, and deselect all checkboxes.
- Choose Save all.
If you are attempting to revoke permissions for an individual user, and they are not listed, you will need to check which groups they are a member of, and remove them from any groups that grant the global permission.
System Administrator and Confluence Administrator permissions compared
The table below lists the parts of the admin console that can be accessed by people with the Confluence Administrator and System Administrator global permissions.
Members of the confluence-administrators
super group have System Administrator global permissions by default, as well as the ability to view all spaces and pages.
Admin console | Confluence administrator | System administrator |
---|---|---|
Configuration |
|
|
Marketplace |
|
|
Users & security |
|
|
Look and feel |
|
|
Upgrade |
|
|
Administration |
|
|
Atlassian Cloud |
|
|
Confluence-administrators super group
confluence-administrators
group grants the highest possible permissions, with complete access to all content and administration functions.
When you install Confluence you'll be prompted to create a system administrator account. This user will be a member of the confluence-administrators
super group.
What can members of this group do?
This group provides the highest level of permission in your site, and these permissions can't be edited. People in this group can:
- perform all administrative tasks
- access all spaces
- access all pages, including pages with view restrictions.
Restricted pages and blog posts are not visible to members of the confluence-administrators
group in the dashboard, blog roll, search and most macros, but are visible if the user has the page URL, or in the:
- page tree in the sidebar
- pages index page
- reorder pages screen
- page tree macro
- content by user macro
Members of this group can't edit pages by default. They need to grant themselves space permissions, or add themselves to the page restrictions in order to edit.
Should I use the confluence-administrators group?
Some organisations use the confluence-administrators
group extensively, while others choose to limit its membership to just one special admin account, to limit the number of people who can see all content by default. System administrators can perform all the same administrative tasks, so membership of this group is not a requirement.
If you do decide not to use this group, be aware that the group can't be deleted, and that people with System Administrator global permissions can add themselves to this group.
Troubleshooting
Confluence will let you know if there is a problem with some permissions. In rare situations, you may see the following error messages below a permission:
- 'User/Group not found' - This message may appear if your LDAP repository is unavailable, or if the user/group has been deleted after the permission was created.
If you're unable to log in to Confluence as an administrator (for example, you've lost the administrator password) you can start Confluence in recovery mode to recover your admin user rights. See Restore Passwords To Recover Admin User Rights.