Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence and Jira security to outside the organization users

Nikki Dean
Nikki Dean
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 21, 2024

We have given certain people outside our organization access to certain parts of our internal jira and confluence. However, we have discovered that it is not working the way we thought it should. For example, they can go into a page they are allowed to access in Confluence, click in the search bar, search for something and get results back that take them to a jira item that they are NOT assigned security for and should NOT be allowed to see. Why are search results shown to them that fall outside of this security? Can we disable the search bar? Are we not implementing something correctly that is allowing this loophole to exist? At this point we are looking at revoking all access to our atlassian sites to protect proprietary data which is not ideal.

Answer
Watch
Like Be the first to like this
223 views

1 answer

0 votes
Danno
Danno
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 21, 2024

@Nikki Dean I am guessing that the way you granted access to Jira for those people outside of your organization is the reason they can gain access to the Jira issues you do not want them to see.

It would be helpful to have you explain how you granted the Confluence and Jira permissons to analyze the issue.

View More Comments
Nikki Dean
Nikki Dean
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 21, 2024

That is, of course, a logical question that I wish I could easily answer. Unfortunately it was set up long before my time here. Here's the little I know: we gave an outside company an internal email address to use as a login, we'll say external1@internalco.com. They log onto for example atlassian.internalco.com with that email as their login and we've assigned permissions that say you, external1 user, are part of this External1 group. The External1 group can see only these jira issues and only these Confluence pages. When we log in using that username to test it, everything looks as we anticipate but we're also not trying to game the system. They have other plans, I guess. When they click in the Confluence search bar, they can search for a key word like "blue" and the results show here are the items in Confluence that contain the word "blue" (some of which they have security to view and some of which they don't) and here are the items in jira that contain the word "blue" (again, some of which they should be able to see and some of which they shouldn't). They can click on those items they shouldn't be able to see and jira opens to one of those "blue" items and they can navigate around and see whatever they want. If that jira issue is linked to another they can click it and keep going, no questions asked.

Maybe I should ask this to turn the question on its head: is there a guide for how to best implement something like this? Maybe we should just rethink it from the top. I think the high level requirements are that we have certain groups of people that we would like to see certain groups of Confluence pages. On those certain Confluence pages we would like to display certain jira filters. We would like for them to be able to click on those jira issues and see the specifics in jira. We don't want them to see other Confluence pages or other jira issues. 

Does that help at all? Sorry for not knowing more. I will try to find out more details.

Like
Danno
Danno
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 2, 2024

@Nikki Dean I've been on vacation and didn't see your post until now.

This is going to get very complicated very quickly. My suspicion is that your permissions for all of your projects and your Confluence spaces are very open so to speak. Do you have a site/org admin?

I think you'll need to talk to that person(s) to have them help you with this. You'll need to have separate permissions in both Confluence and Jira that limit viewing of spaces, pages and issues to only the information they need to see.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events