Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Hide confiforms attachments


my organisation is using Confluence as general Wiki and we are setting up an application portal for one organisational unit. 
We have a form that allows applicants to submit some general info and upload some files. The applicants can be internal (logged-in) or external (anonymous).
Only members of the hiring team should be able to see the applications and submitted files. We have already set up a restricted section with a table view to review the applications.

The problem is that all attachments are visible to all logged-in users (the entire organisation) on the form's page. For data-protection we cannot allow that. 

I tried to enable the secure storage in the form, but it seems that for anonymous users that creates completely unrestricted sub-pages, which is even worse from a data protection point of view.
I also tried to move the attachments to a hidden page, but one does not seem to be allowed to move attachments to a page without view permissions. 

Does anyone have an idea?

Thank you very much in advance!

2 answers

1 accepted


The problem is - Confluence does not have a way to set restrictions on attachments

Secure storage option attempts to help here, but in order this to work for anonymous users you need to set up "additional form admins" parameter on the ConfiForms Form Definition macro. This way the created page (with an attachment) will be restricted to this group/users only

As by default it does get restricted to current user, and with anonymous users that is no-one.. means that no restrictions applied


Hi Alex, 

thank you very much, it works! (the "additional" had thrown me off a little).

Just one related question: When I remove the associated data record, does that delete the created storage page as well?

Sorry about the "additional" thing... Probably needs a better naming really.

As for if it deletes a page... Yes, when you delete a record it attempts to delete a (storage) page (and of course all the associated files)

Hi Alex, 

if I want to add multiple additional admins, I have to enter them like this:



Somehow, it only gives view permissions to the storage site to admin1.


In the table view, will everyone (with view permission) be able to see the attachments even if they don't have view permission on the storage site?
And lastly, if the answer to the previous question is no, can I make it work by giving view permissions on the storage sites later on?

Hard to tell… the configuration looks correct. And it is always better to use security groups instead 

And the answer is “no”. Yes you can change permissions on the storage pages just as you like. It is a normal Confluence page after all

0 votes
Pramodh M Community Leader Jan 06, 2022

Hi @m1key3 

The attachments follow space permissions and page restrictions.

There is permission to allow users to attach or delete the attachment where as for view it follows page permissions



This is absolutely right! And without ConfiForms in the context would be a good answer.

Thanks Pramodh

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence Cloud

🏠 Say hello to the new Confluence Home!

Hi Atlassian Community, My name is DJ Chung, and I’m a Product Manager on the Confluence Cloud team. Today, I’m excited to share a new and improved version of Home. The new Home helps you ...

40,507 views 28 130
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you