How do I restrict users from sharing a Confluence Space?

Hi Andrei and welcome to the Community.

If I understand it correctly, you don't want users from Vendor A to see that users from Vendor B can also access the space.

I guess the vendors all have their individual accounts and that your space is not public (no anonymous access).

I don't think you can achieve that given that Confluence has been built as a collaborative environment. 

However, there are solutions.

Solution 1

You can create multiple spaces with identical content. Space Sync for Confluence by Ricksoft allows you to have one 'master' source space and then simply sync the content into multiple spaces - in this scenario, each vendor would have their own space.

You could also create sections in your source space that would be specific for one or more vendors because you can control what is synced and where.

You would apply permissions in such a way that users from a specific vendor would only have access to their own designated space.

Solution 2

Apps such as Scroll Viewport by K15t and Instant Websites by Glintech allow you to generate a static website from a private Confluence space AND then restrict access by SSO. 

I'm gonna use our doc site https://docs.emplifi.io/ created in Viewport as an example (the site is public but it has a SSO protected version too). As you can see, there's no mention of users anywhere, so no user would see other users.

Also, sharing would be impossible because YOU control SSO access.

As an overkill, you can create individual sites for individual vendors with their own branding :) 

Both solutions are clean and simple to implement and manage - both in terms of content and user/permission management

Disclaimer: I'm not affiliated with the abvoementioned app vendors. And I'm not a bot :) 

@Andrei Gapanenko Are the vendor users defined as Guests or do you actually have licenses for them?

According to this page (https://support.atlassian.com/confluence-cloud/docs/what-can-guests-see-and-do-on-confluence/):

Guests have limited access to internal user info

Confluence blocks guests' access to the people directory, which contains Confluence-wide user information.

Functions that query the people directory of the entire instance include:

• @ mentions

• the Teams tab in the top nav bar

• user search

• user pickers

These are systemically blocked for all guests.

I'm thinking that this stops them from seeing your internal company users, but maybe it does not apply to other Guests. @Kristian Klima do you know whether this is true? I would think that there would not even be a Share Space button for Guest users.