Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Hide confiforms attachments

m1key3
m1key3 January 6, 2022

Hi, 

my organisation is using Confluence as general Wiki and we are setting up an application portal for one organisational unit. 
We have a form that allows applicants to submit some general info and upload some files. The applicants can be internal (logged-in) or external (anonymous).
Only members of the hiring team should be able to see the applications and submitted files. We have already set up a restricted section with a table view to review the applications.

The problem is that all attachments are visible to all logged-in users (the entire organisation) on the form's page. For data-protection we cannot allow that. 

I tried to enable the secure storage in the form, but it seems that for anonymous users that creates completely unrestricted sub-pages, which is even worse from a data protection point of view.
I also tried to move the attachments to a hidden page, but one does not seem to be allowed to move attachments to a page without view permissions. 

Does anyone have an idea?

Thank you very much in advance!

Answer
Watch
Like Be the first to like this
544 views

4 answers

1 accepted

3 votes
Answer accepted
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 6, 2022

Hi

The problem is - Confluence does not have a way to set restrictions on attachments

Secure storage option attempts to help here, but in order this to work for anonymous users you need to set up "additional form admins" parameter on the ConfiForms Form Definition macro. This way the created page (with an attachment) will be restricted to this group/users only

As by default it does get restricted to current user, and with anonymous users that is no-one.. means that no restrictions applied

Alex

View More Comments
m1key3
m1key3 January 6, 2022

Hi Alex, 

thank you very much, it works! (the "additional" had thrown me off a little).

Just one related question: When I remove the associated data record, does that delete the created storage page as well?

Like Alex Medved _ConfiForms_ likes this
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 6, 2022

Sorry about the "additional" thing... Probably needs a better naming really.

As for if it deletes a page... Yes, when you delete a record it attempts to delete a (storage) page (and of course all the associated files)

Like
m1key3
m1key3 January 7, 2022

Hi Alex, 

if I want to add multiple additional admins, I have to enter them like this:

admin1,admin2,admin3 

Correct?

Somehow, it only gives view permissions to the storage site to admin1.

 

In the table view, will everyone (with view permission) be able to see the attachments even if they don't have view permission on the storage site?
And lastly, if the answer to the previous question is no, can I make it work by giving view permissions on the storage sites later on?

Like
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 7, 2022

Hard to tell… the configuration looks correct. And it is always better to use security groups instead 

And the answer is “no”. Yes you can change permissions on the storage pages just as you like. It is a normal Confluence page after all

Like
Reply
0 votes
Marcel Kleinlütke
Marcel Kleinlütke January 16, 2024

Is there a way to delete these secure storage pages directly after use? So the attachements are named and stored securely. And then attachemt and page are suppossed to be deleted. In this way even space admins do not know which attachment is in the trash....

Do u understadn what I want to do?


I activate secure storage. I send all the data to the recipients. I delete secure storage page and attachment... but I dont get the page deleted.

View More Comments
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 16, 2024

You can set up an IFTTT rule to remove a page by title

The format for (created) secure pages is as follows

storage_ENTRYID

where ENTRYID is the UUID of the entry/record

Alex

Like Marcel Kleinlütke likes this
Marcel Kleinlütke
Marcel Kleinlütke January 17, 2024

that worked great... thank u

Like Alex Medved _ConfiForms_ likes this
Reply
0 votes
Chloe P
Chloe P June 12, 2023

Hi @Alex Medved _ConfiForms_ 

I have a similar issue that I hope you might be able to help with.

We have created a confiform that on submission creates an attachment of all the information provided in the form which is then emailed to the user and to another area.

Like above, the attachment is currently visible to all users on the forms page and as it contains personal data needs restricted access. We tried to enable the secure storage however that only appears to work if an attachment is added by a user to the confiform and not if Confluence is the one generating the attachment.

Any ideas on how to enable the secure storage to work for this situation or generally how to hide the attachments from the users?

Thanks in advance!

View More Comments
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 12, 2023

Hi @Chloe P 

As answered before - Confluence does not support any mechanisms to secure access to an attachment. When a user has an access to the page they can also see the attachments

However, in ConfiForms you can enable "Secure storage" option for your form - via the ConfiForms Form Definition

secure-storage.png

What it does is it creates and restricts a dedicated page (as a sub page to the page where the form is define) to store user's attachments automatically

Consider adding a super users or form administrators in the same ConfiForms Form Definition macro to make sure the pages are not accessible only to a user but also form admins could access those whenever necessary

Alex

Like
Chloe P
Chloe P June 13, 2023

Sorry i don't think my initial questions was as clear as it should have been  @Alex Medved _ConfiForms_ 

I have enabled the "Secure storage" option on the form via the ConfiForms Form Definition that you’ve shown, however it’s not working in this situation.

The user is not actually uploading an attachment to the form, rather we have an IFTTT Integration Rule which on submission of the form creates an attachment (this includes information the user has input into the form and this is then sent to relevant areas for actioning). We have tried (and failed) to be able to secure store the attachment if the attachment is created from Confluence via an IFTTT rule AFTER the form is submitted instead of a user uploading an attachment to the form itself, if that makes sense?

I have used the “secure storage” successfully on other forms when users have uploaded their own attachments to the confiform however I’m trying to see if it’s possible to secure store attachments created after a confiform has been submitted. At the moment the IFTTT Integration rule is run and the attachment is created and emailed to the relevant areas but the attachment gets added to the form page which everyone can view.

Thanks heaps for your help!

Like
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 13, 2023

May be you can just remove the attachment (automatically) after you have sent it to the user via email? 

Or you want to keep it?

Alex

Like
Reply
0 votes
Pramodh M
Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 6, 2022

Hi @m1key3 

The attachments follow space permissions and page restrictions.

There is permission to allow users to attach or delete the attachment where as for view it follows page permissions

Thanks,

Pramodh

View More Comments
Alex Medved _ConfiForms_
Alex Medved _ConfiForms_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 6, 2022

This is absolutely right! And without ConfiForms in the context would be a good answer.

Thanks Pramodh

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events