How do I remove the 'adding comments' from anonymous users?

As it says on the tin. We have dozens of publicly viewable spaces, most of them have anonymous comments enabled. This was OK for years, but eventually spammers found this hole.

Even with CAPTCHA enabled a lot of spam comments are manually put in (almost all from China, Russia, India, Venezuele, India).

Thus, the time has now come to disable anonymous comments.

Because we have so many spaces, I'm looking for an automated way to remove the privileges from all spaces. Is this possibel? SQL is no problem here.


4 answers

This widget could not be displayed.

I do it by editing the Comment Layout decorator and adding a check: if the user is not logged in, then the comments area doesn't show up. Instead, I prompt them to log in. Here's the code:

#if ($permissionHelper.canComment($remoteUser, $page))
  ## comment code here
#elseif (!$permissionHelper.canComment($remoteUser, $page))
  #set($targetPage = "/login.action?os_destination=" + $generalUtil.urlEncode($page.getUrlPath()))
  You must <a href="$targetPage">log in</a> to comment.



This widget could not be displayed.

Yes, easy to do with Confluence Command Line Interface. Use the removePermissions action specifying the space. Use in combination with runFromSpaceList like so:

--action runFromSpaceList --common "--action removePermissions --space @space@ --userId anonymous --permissions comment"

If you don't need it for all space, there are other techniques to subset the list (regex) or just use a specific list with runFromList

Furthermore, you can view your permission settings across all your spaces with this example output: getSpacePermissionList

This widget could not be displayed.

I already had a look at the spacepermissions table and came up with:

DELETE FROM spacepermissions WHERE permtype = 'COMMENT' AND permusername IS NULL and permgroupname IS NULL;

That seemed to do the trick.

I'll have a look at the CLI stuff because that seem to be a better abstraction layer then plain SQL.


You have to be careful with the SQL approach not to corrupt your database (from a Confluence perspective). You should also not do SQL on a live server. For some things, you may be able to get away with it and it is hard to know what cases those are or if it changes from one release to another :(.

You're right. I just found out that my SQL solution in fact did NOT work.

Or, not any more. I swear that the anonymous comment was gone when I applied the commands, but several hours later it's there again. Even though the permissions manager shows a red cross.

If I manually enable all permissions, then disable, then it works.

I'll try the CLI tools now.

This widget could not be displayed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

482 views 6 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you