We have spaces that have content classification and restrictions.
We would like space owners/administrators to still have control over permissions within these spaces, but we need to limit the "pool" of users they can add to the space to a specific group or groups.
I'm fully aware that they can simply add "allowred users" group as a group in the permissions settings to enable access to all users of that group. That's not what I'm after though.
I need to ensure they don't add "Bob", who's not a member the "allowed users" group to the space, thus bypassing content access controls.
I don't think there's a way of doing this, nor have I seen any plugins that do this. I figured I'd ask here, as I'm sure others have come across content classification needs.
The only solution I've come up with so far, is to simply not allow space owners admin control, and farm out all permission work to a trusted team on a request model. That's going to add additional delays to users gaining access to content, since that team will be required to vet the request through the space owner. The space owner knows best, but for compliance reasons, we need to remove the possibility of the owner adding someone they're not allowed to.
No, there is no way to limit which users can be added to a space (other than anonymous users, which can only be given access to a space if anonymous users have been enabled by a site administrator).
Working from the other side of your problem - farming out permissions work to the site admins - you might find an add-on like Ultimate Permissions Manager useful because it provides additional functionality to make managing permissions quicker and easier. It's not free but the pricing is reasonable. There are plenty of other permissions add-ons that might help in the Atlassian Marketplace.
Unfortunately you're pushing against an intractable and common infosec problem: Security vs accessibility. You can't trust people (for compliance reasons) to do certain things, but only allowing trusted people to do those certain things is time- and resource-consuming. The person who comes up with a generalised solution to this will be a billionaire.....
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs