It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence access for new user - Can log in, but gets "Not Permitted" when switching to confluence

Looking around, I've seen this problem variously discussed and solved for both the installed and on-line versions. However, none point me to getting my version of the problem fixed.

Implementation Details:

  • I have subscriptions to Jira and Confluence apps only
  • I have created a new user: access is allowed only to Confluence app
  • I have created a new group and placed the new user into it
  • I have permissioned the group for access to specific spaces only

Problem Description:

When user logs in, the following observations, actions, symptoms and problems:

  • User is able to log in
  • Presented with Jira dashboard (even though user is not permissioned for Jira)
  • Selects Confluence
  • Receives message "Administration / Users \n Not Permitted \n You are not permitted to perform this operation"

What I tried:

  • re-indexing: no effect
  • Permissioning user also for Jira access: no effect
  • Chaging default applications for group to include Jira: no effect
  • googling all over, searching atlassian answers, etc: no effect

So, what's wrong with the above? How do I simply create a new user, add them to a new group, and successfully give them access to confluence?

Any and all help appreciated,

regards,

richard

4 answers

  1. Under Confluence Administration, select General configuration
  2. Go to Global permissions and select Edit permissions
  3. In order to give a group browsing rights, under the Groups heading, search for the group.
  4. Click on Add to add the group. Leave Can use ticked. Grant other rights accordingly.
  5. In order to give a user browsing rights, under the Individual users heading, search for the user
  6. Click on Add to add the individual user. Leave Can use ticked. Grant other rights accordingly.
  7. Click on Save all to save your changes
  8. Note that the group or user must also be accorded rights in a space in order to see any content.

Hi Alice,

I am facing the exact same problem that Richard faced. By adding a user to the Global Permissions page/list, we provide him/her access to all spaces. That's not what we want.

We have synced up the users through Active Directory, which includes contractors. We would like to give them access to certain spaces, not the entire site (all spaces). How do we achieve that?

Any help would be appreciated!

Cheers,

Akash

Alice's comment was very helpful. The "all staff" group we have doesn't have global permission, only specific department groups. A new group was created and assigned space permissions, but couldn't actually navigate anywhere after logging in because of the lack of global permissions for that new group.

0 votes
Nic Brough Community Leader May 12, 2014

Check the groups enabled for "Browse" in "Global permissions" in Jira.

Okay, I'm getting farther, but still am a bit confused about the underlying philosophy here and would like some further pointers where possible.

But first, what I did to get this working:

  • Originally I had the user defined as a member of a single group, which was not the group 'users'
  • Added this user to the 'users' group and everything now works as expected, login- and access-wise

However, what this means is that this individual user now has access to all of the Confluence spaces since by default, all spaces allow access to the group 'users'.

So I'm really confused as to how one goes about making one-to-one permissioning schemes between individual users and individual confluence spaces.

The way I currently understand it then, in order to achieve what I'd like, I need to:

  • Add any new individual user to group 'users', otherwise they can't access Confluence
  • Then, if I want to give them access to only a single Confluence space, I need to remove group 'users' from all other spaces, remembering to do this for every new space that gets created since this access is provided at creation of a new space.

Obviously I'd prefer a different method than to have to re-configure group access for all spaces (not fully knowing the broader implications of this before-hand).

Is there something I'm missing preventing me from doing this in a straight-forward manner?

All advice appreciated.

regards,

richard

Hi All 

i am also having the same issue.

All our users are sync'd via LDAP but we want to provide and external user access to a particular space.

i have created the user and they can log in but get the "Not Permitted" page. 

i have tried various ways from adding individual permissions to the space as well as adding group permissions to the space. the only way to get it to work is to either add the group or individual to the global permissions but this then gives access to all spaces 

Just an update

I was able to resolve this issue via the global permissions section

What exactly did you do?

Hi Noni,

Just to give you some detail on what our request was in case it's slightly different to yours.

I wanted to set up access to certain spaces for external users such as companies we are working with, contractors etc. I did not want to open up access to any of our other spaces as these hold confidential data.

Firstly I created a group called "External users" then under Global Permissions I added this group giving on "Can use" access and disabled access for Personal Space, Create Space, Confluence Admin, System Admin

Then I set the permissions on the space its self via Space Tools where you can set what the external users are allowed to do.

Finally, I invited the user and made sure they were only part of the group I had created.

 

Basically creating the group and applying the global permissions allow the user to log in and use confluence, they space tools permissions allow the user access to that particular space.

 

hope this all makes sense

Hey all,

I'm having a similar issue with confluence server and I can confirm that it is solvable but adding appropriate Global Permissions ("can use"-only).

My concern is, that this will use up a license. Can you/someone confirm that?

Which means, that by giving probably a whole bunch of users just browsing access (no editing possible!) it will burn up my licenses? Is that on purpose?

Nic Brough Community Leader Jul 01, 2019

Yes, each account that can log in counts towards your usage.  Because they're using it.

Well, yes, I see you point and I'm fine with that.

It's just, we have accounts in LDAP/AD, that I don't want to use it, but they are able to authenticate. I'd strip them of every permissions within confluence, but they are still able to log on and in doing so, they only see an error screen and get two buttons they can't use either.

I'd prefer that those users without "can use" permissions would be treated at least the same as anonymous users and not to get completely blinded. 

Nic Brough Community Leader Jul 01, 2019

If you've removed all their permissions, then they should get permission errors when doing almost anything.  You need to add them to the same permissions that you've granted anonymous to.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

758 views 3 18
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you