A user was created and the system gave him access to all the Confluence sites. The user was created as a normal user, but we observed that there is a security flaw in Confluence since it gave access to all the sites to a user without being an admin.
Pics or it didn't happen :)
I would look at what default groups your site is adding to new users and what groups are allowed access to each space. It's likely you have a default user group that has access to all spaces.
The user was created without access to sites, we went to validate the next day and we see that it is allowed on all sites
it was not included in any group
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are you sure they are not in any groups?
A group membership is required for product access, so if they can access all spaces they are in a group.
https://support.atlassian.com/user-management/docs/default-groups-and-permissions/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.