Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Delegating permission to add users

ITops123
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2013

CONTEXT

I've been getting requests that temporary/seasonal staff be allowed restricted access to our wiki. In theory, I don't oppose this.

PROBLEM

These temporary staff members number into the several hundred and are hired independently and sporadically throughout the year by our 14+ sites around the country.

  • I don't have the capacity to create user names and passwords for all these people, as they are needed.
  • The users will need access to a different space, depending on which site hired them. The sites are best equipped to know what space that is.
  • I don't feel comfortable giving out the "account request" link because it would be a total mess. I don't know who those people are and would still have to ask which space is the right one, if it's a legitimate request, etc.

WHAT I'M LOOKING FOR

The staff members at each site know who should have access and to which space the new user needs access.

Is there any way to delegate permission to site staff to add users to a specific group in Confluence? I certainly don't want to add 14 Confluence Administrators, since that's just too much risk and way more permission than they need.


I've considered adding a new LDAP directory to handle just those users.

Thoughts?

1 answer

0 votes
J. Caldwell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 12, 2013

There are a couple of ways you could skin this cat.

LDAP - As you said. Have your LDAP repository contain some AD groups. Those AD groups would correspond to specific "functions" and would be pre-build into the sites. Membership in those groups would get you "access." If there is a org that is staffed enough and already has access to add/remove folks from those AD groups, that would be a good way to go. Existance in this AD group would get you access. You'll need to create a User Directory that matchings what you want...maybe multiple.

Internal to Confluence -

Create a group and add trusted folks to that group. They will have to be given the "Confluence Administrator" permissions through the "Global Permissions." There are plugins that give you an admin level view so you can review what has been happening.

Just my thoughts.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events