Confluence & Anonymous Access: How to limit space admins ability to enable Anonymous Access?

We are currently using Confluence with JSD and we would like to turn one Anonymous Access in order for the KB to work on public signup. We know how to enable Anonymous Access globally, but is there a way to limit space admins from turning on Anonymous Access? In other words, is there a way to strip space administrator from having the ability to enable Anonymous Access?

We tried creating a new group that does not have space admin permissions, but now those users cannot create space templates because they need to be a space admin to do so. 

Any help is greatly appreciated! Thanks! 

3 answers

This widget could not be displayed.

Hi Joseph,

You need setup a public space. https://confluence.atlassian.com/doc/setting-up-public-access-156.html

And only this is space is able to anonymous access.

You can read more here too https://confluence.atlassian.com/cloud/managing-anonymous-or-public-access-690849667.html#notfound

Regards.

This widget could not be displayed.

Hi Joseph,

In short: No, you can't do this.  Assuming you've got Anonymous Access turned on globally, the only way to stop space admins being able to turn it on at space level is to switch off the Admin option in the permissions for the space.  But then they'll lose all of the other Admin privileges as well, which defeats the object!

Lameck's solution will unfortunately still give all space admins the ability to turn Anonymous Access on for their space.

A potential option you could try is to only allow site administrators to create spaces.  That would mean no personal spaces though, or only allowing personal spaces where the user doesn't have space admin privileges to their own space.  It would also mean the site admins would be the only space administrators, and you'd have to be willing to take on that extra level of work. 

Your question and use case seems perfectly sensible though.  It might be worth putting a request into Atlassian to add this functionality in?

This widget could not be displayed.

First off thanks for the responses, @Lameck Oliveira [Diferencial TI] & @Rob Woodgate. I really appreciate the help.

So, getting back to it, we actually have a space in Confluence that is dedicated for the JSD Knowledge Base and--once we decide how to manage Anonymous Access–this will be the one space that we want to have public, so to speak. So that is not the problem. 

The problem is actually two-fold: First, once we have Anonymous Access enabled globally, all Space Administrators will have the ability to allow there spaces to become Anonymously accessible. We solved this by creating a new group in our LDAP server and then delegating them all the permissions save for Space Admin rights. This solved our first problem.

However, in doing so, we ended creating a second problem in that space templates can only be created by those who are Confluence Administrators (not space admins). So, we are looking for a more granular approach in which we can give–what we call-- "Space Managers" the ability to create templates without the ability to enable Anonymous Access. 

@Rob Woodgate, do you know of a way to run a script to strip personal space admin rights? Or someone who does?

Hi Joseph,

I totally get that you want to prevent the possibility of space admins making their spaces accessible to anonymous users, but I think you're pushing the space admin model further than it's intended.

If someone is responsible enough to be a space administrator, then (within Atlassian's model) they are responsible enough to determine the permissions for the space.  As such, if you don;t want Anonymous mode turned on then space administrators need to be told that turning on Anonymous access is punishable by [insert appropriate punishment].  If they can't be trusted to adhere to this, they shouldn't have space admin privileges.  If you've removed space creation rights for everyone except Confluence Admins then this wouldn't be an issue anyway though.

However, you need to do what's right for your situation smile

To address your specific question, if this can be done by a site admin then I don't know how (but I'd be interested to learn).  Your best bet is probably to log a support request with Atlassian - they may be able to do something at the DB level, or tell you what you need to know about the table structure to amend the permissions yourself. 

Word of warning: Those type of changes would almost certainly be unsupported, so if you have a problem with them you'd have to pay a consultant to fix them.  Good luck, I hope you can find a solution that works for you.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

343 views 2 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you