Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to configure this special security case?

Deleted user March 23, 2016

Hi guys,

we try to configure confluence which special persmissions.

simple Case details:

  • 1 space
  • 3 headlines in navigation bar
  • and a lot of articles below

Very simple so far wink

Now we wanna set some security permissions:

  • anoymous user1 access with permission "read" to headline 1
  • anoymous user2 access with permission "read" to headline 2,3
  • group access with permission "read" to whole space
  • group access with permission "read / edit" to whole space

Our problem is point 2 in dependence to 1.

We don't use LDAP authentication.

Any ideas?

Thanks a lot!

 

Answer
Watch
Like Be the first to like this
447 views

5 answers

0 votes
Deleted user March 23, 2016

But it is possible the create a, for example, readonlygroup and put a user in. This group should see headline 2,3 but, and thats the problem, it should NOT see the "Profiles", "Persons", "Favorite", -Buttons on top of the page.

->

    confluence-user (view complete space1)

    confluence-admin (view / edit complete space1)

    confluence-readonly (view navigation with headlines 1,2,3)

    anonymous (view navigation with headline 1)

 

?

View More Comments
Panos
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

Confluence-readonly implies that user has logged in, you asked both anonymous

Like
Deleted user March 23, 2016

sure... and you told, it is not possible without any programming... So maybe this is a second option?

 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

Yes, that's not "anonymous" any more - you know it's someone to whom you have given an account (even if it's shared, so you don't know which human it is, it's still not anonymous)

Now you know who they are, you can apply the permissions like they're any other user.  But, you still can't do anonymous1 and anonymous2 because you have only set up one user. 

And because they are now a logged in user, they get to see profiles, persons, favourite and so-on.

Like
Panos
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

Yes, it would be possible with creating some servlet filter for the specific URL or inject javascript. But then you need to decide what criteria should anonymous user A should fulfill in order to see header and what different criteria should anonymous user B should fulfill in order to see partial header. 

Like
Panos
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

I believe you should re-think your approach with anonymous and keep it "one", but thats just me smile

Like
Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

Panos is absolutely right.  You have no way of knowing that anonymous1 is not anonymous2 - the whole point of anonymous access is that they do not log in.  Without a log in, you can't know who a visitor is, so you simply don't have any data to decide on different behaviours.

There are things you can do with proxy servers or networking that could add more information to a session so that you could make access decisions based on it, but Confluence works with users only, so you'd have to start coding to allow it to make different decisions as well.

Reply
0 votes
Panos
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

You can't do that, not unless you provide some kind of distinguishment between anonymous1 and anonymous2. e.g. anonymous1 comes from XXX page and anonymous2 comes from YYY page, assuming that web-browser settings are intact

Reply
0 votes
Deleted user March 23, 2016

both should be anonymous (no view to other profiles, no option to set sites as favorite, ...), but anonymous should see headline1 and the other should see headline 2,3

 

Reply
0 votes
Panos
Panos
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 23, 2016

What is this that differentiates user1 and user2 as both are anonymous?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security