Can you limit available users to a specific group for assigning permissions?

We have spaces that have content classification and restrictions.

We would like space owners/administrators to still have control over permissions within these spaces, but we need to limit the "pool" of users they can add to the space to a specific group or groups.

I'm fully aware that they can simply add "allowred users" group as a group in the permissions settings to enable access to all users of that group. That's not what I'm after though.

I need to ensure they don't add "Bob", who's not a member the "allowed users" group to the space, thus bypassing content access controls.

I don't think there's a way of doing this, nor have I seen any plugins that do this. I figured I'd ask here, as I'm sure others have come across content classification needs.

The only solution I've come up with so far, is to simply not allow space owners admin control, and farm out all permission work to a trusted team on a request model. That's going to add additional delays to users gaining access to content, since that team will be required to vet the request through the space owner. The space owner knows best, but for compliance reasons, we need to remove the possibility of the owner adding someone they're not allowed to.

1 answer

Hi Mark,

No, there is no way to limit which users can be added to a space (other than anonymous users, which can only be given access to a space if anonymous users have been enabled by a site administrator).

Working from the other side of your problem - farming out permissions work to the site admins - you might find an add-on like Ultimate Permissions Manager useful because it provides additional functionality to make managing permissions quicker and easier.  It's not free but the pricing is reasonable.  There are plenty of other permissions add-ons that might help in the Atlassian Marketplace.

Unfortunately you're pushing against an intractable and common infosec problem: Security vs accessibility.  You can't trust people (for compliance reasons) to do certain things, but only allowing trusted people to do those certain things is time- and resource-consuming.  The person who comes up with a generalised solution to this will be a billionaire.....

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

299 views 2 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you