Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,556,244
Community Members
 
Community Events
184
Community Groups

Space Access - Best Practise

Panagiotis Annis
Panagiotis Annis Nov 29, 2020

Hello,

I wanted to start a discussion regarding the confluence spaces permissions and more specifically I would like to change the way that my company granting access to users.

Up until now, the previous Atlassian administrators used to grant access to individual users and not to groups. This is something not manageable and maintainable. 

From your experience, what is the best way to change this and smoothly change the access from individual users to groups?

Thank you.

Comment
Watch
Like Be the first to like this
371 views

2 comments

Yury Lubanets
Yury Lubanets Nov 30, 2020

Hi @Panagiotis Annis 

In my view, the best way is to communicate with the owner of the space. Just explain what should be done, why it's better than the existing approach, and find a group or some groups containing most of the users. In some cases, a new group should be created for that purpose.

But I believe it's impossible not to use individual access at all. Sometimes it's the only way to achieve necessary goals.

Like
Reply
Thomas Bowskill
Thomas Bowskill
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Nov 30, 2020

Hi @Panagiotis Annis 

I definitely agree with you that Group-based access is the best way to go -- individual user access can get really tedious. 

Your best bet -- but this requires effort -- is to get integrations in place with your organisation's user-directory. This way new users can be automatically created based on how they have been set up. E.g. on my side, I have Active Directory and our Infrastructure team add people to Organisation units (OUs) that are used to represent the different functions / teams people have / do. These translate to Confluence groups, which reduces the individual admin.

Second to this, the question to ask is how much of the admin do you wish to delegate? Do you have spaces in Confluence that you can give other users Admin permissions for? That way they can control the access within their own spaces, rather than have to go to a central team (that of course will need to be tailored to your organisation's stance on how access should be controlled). This will likely lead to individuals being granted access, as Groups are really only a thing the site-wide admins get to interact with. 

As @Yury Lubanets mentioned: you're not likely to fully move away fully from individual-based access, as there will be edge cases. But by having some decent groups that represent functions,  a good naming convention and ideally some central automation of this / re-use of existing structures from something like Active Directory, you could save time. 

It's worth a chat with your Infrastructure team to understand if a User Directory integration is possible, and if so / it is already in place, whether they have groups for users already -- piggyback off what your company does in the User Directory :)

 

Also worth reading is the Permissions best practices article.

 

Hope this help you!

Like
Panagiotis Annis
Panagiotis Annis Nov 30, 2020

Hello both,

Thank you very much for your reply.

All that you suggest are very helpful. 

I am not looking to completely remove access per individual cause in some cases this in to possible. I am trying to make it a little bit more manageable. 

Currently we are not willing to delegate admin work to Spaces administrators cause we want to create a framework and train our users on what they can do as space administrators first. 

We have already synced MS AD with our Atlassian products, so yes we can create the groups there and add the users to those groups. 

I think that I will first evaluate the groups we have in place and create those that are missing, probably per team or something like that and based on the owners feedback about the spaces I will grant group-based access to each space. 

Thank you!

Like
Reply

Comment

Log in or Sign up to comment
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

See all events