How do I remove the 'adding comments' from anonymous users?

As it says on the tin. We have dozens of publicly viewable spaces, most of them have anonymous comments enabled. This was OK for years, but eventually spammers found this hole.

Even with CAPTCHA enabled a lot of spam comments are manually put in (almost all from China, Russia, India, Venezuele, India).

Thus, the time has now come to disable anonymous comments.

Because we have so many spaces, I'm looking for an automated way to remove the privileges from all spaces. Is this possibel? SQL is no problem here.


4 answers

I do it by editing the Comment Layout decorator and adding a check: if the user is not logged in, then the comments area doesn't show up. Instead, I prompt them to log in. Here's the code:

#if ($permissionHelper.canComment($remoteUser, $page))
  ## comment code here
#elseif (!$permissionHelper.canComment($remoteUser, $page))
  #set($targetPage = "/login.action?os_destination=" + $generalUtil.urlEncode($page.getUrlPath()))
  You must <a href="$targetPage">log in</a> to comment.



Yes, easy to do with Confluence Command Line Interface. Use the removePermissions action specifying the space. Use in combination with runFromSpaceList like so:

--action runFromSpaceList --common "--action removePermissions --space @space@ --userId anonymous --permissions comment"

If you don't need it for all space, there are other techniques to subset the list (regex) or just use a specific list with runFromList

Furthermore, you can view your permission settings across all your spaces with this example output: getSpacePermissionList

I already had a look at the spacepermissions table and came up with:

DELETE FROM spacepermissions WHERE permtype = 'COMMENT' AND permusername IS NULL and permgroupname IS NULL;

That seemed to do the trick.

I'll have a look at the CLI stuff because that seem to be a better abstraction layer then plain SQL.


You have to be careful with the SQL approach not to corrupt your database (from a Confluence perspective). You should also not do SQL on a live server. For some things, you may be able to get away with it and it is hard to know what cases those are or if it changes from one release to another :(.

You're right. I just found out that my SQL solution in fact did NOT work.

Or, not any more. I swear that the anonymous comment was gone when I applied the commands, but several hours later it's there again. Even though the permissions manager shows a red cross.

If I manually enable all permissions, then disable, then it works.

I'll try the CLI tools now.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

718 views 2 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you