We have noticed that a user in Confluence can search all groups in the system when using the “User List” macro. The placeholder * can be used to search not only the group names, but also the included users. This looks like a data protection problem to us. The user should only be shown groups of which he is a member.
What is Atlassian's position on this?
Can this macro be deactivated?
@Patrick Alexander The point of the User List macro is to show what users are in different groups. It seems to me that whether you want users to have access to this information may be different by company and depend on how you set up your groups.
According to this page, you can effectively deactivate this macro by disabling the People Directory: https://confluence.atlassian.com/confkb/user-list-macro-displays-user-list-not-rendered-as-you-do-not-have-the-privilege-to-view-user-profiles-329974674.html
Hi Barbara,
Sure it depends on the naming of the groups but also on the information shown in the userlist. For us it is not only a question of company rules but also of the DSGVO.
The link you mentioned works only on server/data center versions.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry, that page was linked to from the page on how to insert the User List macro in Cloud (https://support.atlassian.com/confluence-cloud/docs/insert-the-user-list-macro/), so I thought it applied to Cloud.
Hopefully, someone else will chime in with more/better information.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.