You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
my organisation is using Confluence as general Wiki and we are setting up an application portal for one organisational unit.
We have a form that allows applicants to submit some general info and upload some files. The applicants can be internal (logged-in) or external (anonymous).
Only members of the hiring team should be able to see the applications and submitted files. We have already set up a restricted section with a table view to review the applications.
The problem is that all attachments are visible to all logged-in users (the entire organisation) on the form's page. For data-protection we cannot allow that.
I tried to enable the secure storage in the form, but it seems that for anonymous users that creates completely unrestricted sub-pages, which is even worse from a data protection point of view.
I also tried to move the attachments to a hidden page, but one does not seem to be allowed to move attachments to a page without view permissions.
Does anyone have an idea?
Thank you very much in advance!
The problem is - Confluence does not have a way to set restrictions on attachments
Secure storage option attempts to help here, but in order this to work for anonymous users you need to set up "additional form admins" parameter on the ConfiForms Form Definition macro. This way the created page (with an attachment) will be restricted to this group/users only
As by default it does get restricted to current user, and with anonymous users that is no-one.. means that no restrictions applied
Sorry about the "additional" thing... Probably needs a better naming really.
As for if it deletes a page... Yes, when you delete a record it attempts to delete a (storage) page (and of course all the associated files)
if I want to add multiple additional admins, I have to enter them like this:
Somehow, it only gives view permissions to the storage site to admin1.
In the table view, will everyone (with view permission) be able to see the attachments even if they don't have view permission on the storage site?
And lastly, if the answer to the previous question is no, can I make it work by giving view permissions on the storage sites later on?
Hard to tell… the configuration looks correct. And it is always better to use security groups instead
And the answer is “no”. Yes you can change permissions on the storage pages just as you like. It is a normal Confluence page after all
I have a similar issue that I hope you might be able to help with.
We have created a confiform that on submission creates an attachment of all the information provided in the form which is then emailed to the user and to another area.
Like above, the attachment is currently visible to all users on the forms page and as it contains personal data needs restricted access. We tried to enable the secure storage however that only appears to work if an attachment is added by a user to the confiform and not if Confluence is the one generating the attachment.
Any ideas on how to enable the secure storage to work for this situation or generally how to hide the attachments from the users?
Thanks in advance!
Hi @Chloe P
As answered before - Confluence does not support any mechanisms to secure access to an attachment. When a user has an access to the page they can also see the attachments
However, in ConfiForms you can enable "Secure storage" option for your form - via the ConfiForms Form Definition
What it does is it creates and restricts a dedicated page (as a sub page to the page where the form is define) to store user's attachments automatically
Consider adding a super users or form administrators in the same ConfiForms Form Definition macro to make sure the pages are not accessible only to a user but also form admins could access those whenever necessary
Sorry i don't think my initial questions was as clear as it should have been @Alex Medved _ConfiForms_
I have enabled the "Secure storage" option on the form via the ConfiForms Form Definition that you’ve shown, however it’s not working in this situation.
The user is not actually uploading an attachment to the form, rather we have an IFTTT Integration Rule which on submission of the form creates an attachment (this includes information the user has input into the form and this is then sent to relevant areas for actioning). We have tried (and failed) to be able to secure store the attachment if the attachment is created from Confluence via an IFTTT rule AFTER the form is submitted instead of a user uploading an attachment to the form itself, if that makes sense?
I have used the “secure storage” successfully on other forms when users have uploaded their own attachments to the confiform however I’m trying to see if it’s possible to secure store attachments created after a confiform has been submitted. At the moment the IFTTT Integration rule is run and the attachment is created and emailed to the relevant areas but the attachment gets added to the form page which everyone can view.
Thanks heaps for your help!
May be you can just remove the attachment (automatically) after you have sent it to the user via email?
Or you want to keep it?
The attachments follow space permissions and page restrictions.
There is permission to allow users to attach or delete the attachment where as for view it follows page permissions
This is absolutely right! And without ConfiForms in the context would be a good answer.