Introducing more flexibility to the Confluence roles system

Hey everyone 👋

We’ve made the Confluence roles system a lot more flexible. Fewer forced permissions dependencies, more room to build custom roles that match how your team actually works, and no more requirement to have a full Admin in every space. Already in the roles beta or using roles exclusively? These changes are rolling out to you now. Here's what's new and what's possible with these updates!

“Manage everything in space” has a new name

With the most recent permission splits that introduced more granularity and control into the custom roles system, this permission no longer "manages everything." To be more accurate, we’ve renamed it to Manage space features, automation. This covers space-level features, automation, and integrations.

Removing strict permissions dependencies

Previously, the custom roles system had strict hierarchical permissions rules. For example, you couldn’t hold the Manage access to space permission without holding all content-level permissions. We’re removing the most strict dependencies, and only keeping those that are essential, like:

• View content is still required to hold any other space permission.
• Edit content is required to Create content or Delete anyone’s content.
• Manage access to space is required to manage Anonymous or Guest access.
• Export individual content items is required to Export space.

This allows for more flexible custom roles, like an Admin who can manage the space but isn't allowed to manage users or delete sensitive data.

Flexible space administration

You no longer need to grant full Admin rights to at least one user or group in every space. You can now create "Lite" Admin roles by stripping away sensitive permissions (like deleting or exporting) while still allowing them to manage the space.

Better alignment for Analytics and App access

Managing Analytics and Apps is now controlled by the Manage access to space permission (instead of "Manage everything"). This change groups these actions with other controls that manage access to your space.

Impact: The default Manager role now includes the ability to manage app and analytics access.

What’s now possible

• No full Admin required. Spaces can function without anyone holding the Admin role, opening the door to scoped "lite admin" setups.
• Fewer guardrails on custom roles. You can mix and match permissions without running into forced dependencies.
• Four new standalone permissions give you finer control when building custom roles:
  • Manage all content in space
  • Create content templates
  • Manage space look and feel
  • Delete own comments

What’s on the horizon

Everything above sets the stage for what's next: Role-based access GA, starting in July. These are the final foundational changes ahead of the GA release:

• More control over default roles: You’ll soon be able to disable default roles that don’t fit your access needs.
• Configurable system operations: Better control over the roles assigned by system operations (like guest invites or space owner changes).
• Bulk transition tooling & role suggestions: To simplify your move to roles, we’re adding a transition tool that tracks your site's role coverage, suggests the best-fit roles to assign, and lets you apply access updates in bulk. (bulk tooling rollout currently in progress)

Thanks,
The Confluence Permissions team