Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Admins and page restrictions

Hi all,

We're thinking of using Confluence pages for HR-related confidential information, especially when onboarding newcomers, like integration plans, competency follow-ups and the like. The HR department is reluctant to let us use Confluence because they say admins can see restricted pages if they want to. According to this Atlassian article, space admins can see the list of restricted pages, but it says they have to remove restrictions to be able to see the page contents. Is that right? And is there a way to make a page completely restricted to the people specified, keeping even admins and gods out?

 

Thanks.

Alain

2 answers

1 accepted

0 votes
Answer accepted
JimmyVanAU Community Leader Sep 29, 2020

Hi Alain,

HR is correct in that by default Confluence administrators can see restricted pages if they want to. Following https://confluence.atlassian.com/confkb/confluence-admin-permission-levels-explained-604209420.html, the out of the box "confluence-administrators" group is a super user group that overrides system permissions and allows members of this group to see all pages.

While this is known, I've worked in many instances which have fixed this. To do this:

  1. Create a new group, for example "application-administrators", "atlassian-administrators" or "wiki-administrators". This can either be in your user directory or local to Confluence.
  2. Add all the appropriate members to the group.
  3. Under "Global Permissions" in Confluence, remove "confluence-administrators" and add your new group, ensuring you assign system admin privileges.

Then Confluence will lock out 'the gods' and behave as described in the article above. I strongly recommend testing this out in a demo environment (to avoid locking yourself out), and giving HR the assurances they're after.

Cheers, Jimmy

You can it like this, but you'll have to keep in mind, that the confluence global admins are able to restore the settings for the confluence-administrators group, so they can undo this configuration and workaround.

Thanks for the answers.  Bastian I agree with the confidence level management has to have with admins being diligent professionals, even if they access sensitive information. I haven't had any response from HR management yet so I'll have to wait before I can test this, but hopefully I'll get a green light and move on. I was looking for a solution and the one Jimmy provided would work for me.

Thanks again for your time.

Alain

Hi @Alain Beaulieu ,

welcome to the community.

Your HR team is right, Admins can get access to restricted pages.

It is right, that space admins can remove the restrictions. But they have to do explicitly, they can't access a restricted page by accident. Global admins in the confluence-administrators group can even access the pages without removing restrictions.

It is not possible to restrict a page in a way, that not even admins can access this page somehow.

But if the HR department doesn't think, that your admins are doing their job well and respect the privacy of data they are responsible for, there might be another problem.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

Announcing Team Calendars in Confluence Data Center

Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond.  A long time favorite,  Team Cale...

177 views 0 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you