Different permissions required to Move Pages - DC vs. Cloud

Trudy Claspill
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 8, 2024

I found documentation for Confluence Cloud that states one must be a Space Admin to move pages from that space to another space.

https://support.atlassian.com/confluence-cloud/docs/move-copy-and-hide-pages/

For Confluence Data Center 8.5.4, I found this page, which states that you need only the Delete permission within the space, not Space Admin.

https://confluence.atlassian.com/conf85/move-and-reorder-pages-1283359685.html

Does anybody have insights or links to documents/announcements that would explain why Space Admin permissions are required in Cloud, when they are not required in DC?

1 answer

1 accepted

0 votes
Answer accepted
Darryl Lee
Community Leader
November 8, 2024

Hi @Trudy Claspill

Ugh yeah, I ran into this the other week, and dug this up:

We want to explain changes to cross-space page moves that resulted from patching a recently discovered vulnerability. The changes desupport an estimated 10-15% of cross-space page moves.

What was the vulnerability?

Summary: Moving a subtree (page+child pages) across spaces could allow for a user to inappropriately access and modify previously restricted child pages. 

Given a user with the following permissions:

In the Source Space

  • User is NOT a space admin
  • User has delete page permission
  • User has create page permission
  • User has edit restrictions on the page

In the Target Space

  • User is a space admin

the user can move a page and all child pages to a space where they are a space admin. In the Manage Pages>Restricted admin screen, the user can then access any previously restricted child pages.

How did we patch it?

Only space admins of the source space can move a page out of the space. This patches the vulnerability as the space admin of the source is already allowed to access those restricted pages via the Manage Pages>Restricted admin screen.
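
A minimal model of the authorization gap and the patched rule described in the quoted explanation, as an added example that is not part of the original thread and not Atlassian's code. The classes, space keys, user names and the simplified pre-patch rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Page:
    title: str
    allowed_viewers: set = field(default_factory=set)  # empty = no view restriction
    children: list = field(default_factory=list)

@dataclass
class User:
    name: str
    admin_of: set = field(default_factory=set)       # spaces where user is space admin
    can_delete_in: set = field(default_factory=set)  # spaces with delete page permission

def subtree(page):
    """Yield the page and every descendant (what a subtree move carries along)."""
    yield page
    for child in page.children:
        yield from subtree(child)

def hidden_from(user, root):
    """Titles in the subtree whose view restriction excludes the user."""
    return [p.title for p in subtree(root)
            if p.allowed_viewers and user.name not in p.allowed_viewers]

def may_move_pre_patch(user, source, target):
    # Assumption: simplified from the permission set listed in the post.
    return source in user.can_delete_in and target in user.admin_of

def may_move_post_patch(user, source):
    # Patched rule from the post: only source-space admins can move a page out.
    return source in user.admin_of

def newly_exposed(user, root, source, target):
    """Restricted pages the mover gains access to by becoming their space admin."""
    if source in user.admin_of:      # already reachable via the source admin screen
        return []
    if target not in user.admin_of:  # no restricted-pages admin screen in the target
        return []
    return hidden_from(user, root)

# Constructed sample data: one restricted child page under the moved root.
ROOT = Page("Project", children=[Page("Notes"),
                                 Page("Salaries", allowed_viewers={"alice"})])
BOB = User("bob", can_delete_in={"SRC"}, admin_of={"DST"})
CAROL = User("carol", admin_of={"SRC", "DST"})

if __name__ == "__main__":
    print("pre-patch move allowed:", may_move_pre_patch(BOB, "SRC", "DST"))
    print("pages exposed to bob:", newly_exposed(BOB, ROOT, "SRC", "DST"))
    print("post-patch move allowed:", may_move_post_patch(BOB, "SRC"))
```

The same check can be used to audit past cross-space moves: any move where `newly_exposed` is non-empty carried restricted pages to a mover who could not previously see them.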

DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin