Can you limit available users to a specific group for assigning permissions?

We have spaces that have content classification and restrictions.

We would like space owners/administrators to still have control over permissions within these spaces, but we need to limit the "pool" of users they can add to the space to a specific group or groups.

I'm fully aware that they can simply add "allowred users" group as a group in the permissions settings to enable access to all users of that group. That's not what I'm after though.

I need to ensure they don't add "Bob", who's not a member the "allowed users" group to the space, thus bypassing content access controls.

I don't think there's a way of doing this, nor have I seen any plugins that do this. I figured I'd ask here, as I'm sure others have come across content classification needs.

The only solution I've come up with so far, is to simply not allow space owners admin control, and farm out all permission work to a trusted team on a request model. That's going to add additional delays to users gaining access to content, since that team will be required to vet the request through the space owner. The space owner knows best, but for compliance reasons, we need to remove the possibility of the owner adding someone they're not allowed to.

1 answer

Hi Mark,

No, there is no way to limit which users can be added to a space (other than anonymous users, which can only be given access to a space if anonymous users have been enabled by a site administrator).

Working from the other side of your problem - farming out permissions work to the site admins - you might find an add-on like Ultimate Permissions Manager useful because it provides additional functionality to make managing permissions quicker and easier.  It's not free but the pricing is reasonable.  There are plenty of other permissions add-ons that might help in the Atlassian Marketplace.

Unfortunately you're pushing against an intractable and common infosec problem: Security vs accessibility.  You can't trust people (for compliance reasons) to do certain things, but only allowing trusted people to do those certain things is time- and resource-consuming.  The person who comes up with a generalised solution to this will be a billionaire.....

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

849 views 23 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you