Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,369,282
Community Members
 
Community Events
168
Community Groups

Urgent Request for Improved Space Permissions

Some days ago, one of our users unintentionally deleted a Confluence Space.

The ability to delete spaces is included in the "Admin" Space permission and this is an extremely dangerous feature, as Confluence doesn't have a "trash bin" and the only way to recover the Space is by using a backup.

I am convinced Atlassian should improve the permission concept, as it is unacceptable to mix the ability to change the "look and feel" of a Space (quite harmless) with the ability do delete a Space forever (quite harmful).

I ask myself if this is also the case for Jira users with "Project Admin" rights? I mean, are they also able to delete the complete project where they are Project Admins?

Anyone agrees? How can we request such a change?

2 comments

JiraJared Community Leader Nov 13, 2020

Hey Rodolfo,

I’ve encountered the same before - it’s not pleasant by any means.

If you’re using on-premise version + scriptrunner, you can use fragments to restrict certain capability, such as delete space, to those with a certain group.

Hey @JiraJared,

In my opinion your proposal can be seen as a possible workaround. But I ask myself if people really need to pay extra money for an app just because Confluence permissions are not well designed. To be honest, I would never ever allow non-admins to delete spaces.

As far as I can tell, Jira also doesn't allow a project admin to delete her/his own project (only server admins can do that). Why didn't Atlassian just follow the same principles with Confluence?

JiraJared Community Leader Jun 30, 2021

Hi @Rodolfo Möller ,

This is true.

The delete space button is also nested under the admin section of the space. So if a user specifically navigates to the admin section, clicks the delete button, sees the warning message and presses confirm delete, it would be safe to assume they really want to delete the space. It’s not like there’s a checkbox when deleting a page asking “delete space too?”

If you were designing Confluence, where would you put the delete space button?

Hi @JiraJared

When the issue happened in our system, the user went unintentionally to the "delete space" area and didn't do it. But this was the last thing he did in the evening before going home. Next day he came back to work and the "delete space" URL was the first entry in his browser history, so used the URL suggested by the browser. When he was asked to confirm with name/password, he thought Confluence forgot him over night and this would be the regular login procedure (instead of the confirmation to delete). And BOOM, the space was gone forever.

The point I am trying to make is that you should not put the ability to delete a space together with the ability to create page templates or change the space's color scheme. I think, "delete space" and "manage users/permissions" deserve a separate permission in Confluence.

So the best idea would be to split the current "Admin" permission into a minimum of two (better 3): a "Design" permission (for templates, colors, etc.) and one (or two) "Admin" permission(s), one for managing users, groups and their space permissions and another for having the ability to delete spaces.

I am trying to delete a space, and get these messages:

"Page Not Found
We can't find that page. This could be because:
The page doesn't exist.
The page exists, but you don't have view permission for that space."

Assuming the space has been deleted by an admin in my environment, is there some type of audit log that could shed some light as to which user may have done that action?

 

Thank you. Please re-direct if this question should be in an alternate topic stream.

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events