We need to allow some external security auditors access to a single space in Confluence in order to allow them and the internal users being audited to update the audit documents. We created the space, created the group for the auditors, and then created the auditor accounts (added them to confluence-users and their special auditor group). They can see the audit space, but they can also views everyone's personal space (including any files people have in their personal space). I tried removing access to a personal space by removing View permission for both the auditors groups and their userids. However, because they belong to confluence-users, they are still allowed access.
Is there any way to restrict their access to only their space? Is there any way to lock down anonymous access to only the auditors? I've searched the documentation, knowledge base, and this community and have not found a definitive answer.
Thanks for the help!
To allow a user to just see one Space and nothing else I would suggest to separate the confluence-users group from any other access except for being able to login to Confluence . So only use it in the Global Permissions setting. Then you can add another group for the basic access for regular users, which you do not include for the security auditors. These users you just allow to see specific spaces.
My recommendation is to do the same for jira-users group in Jira. Never use it for any other permissions than for logging in to Jira.
There is one challenge to make sure no other user are using these groups for permissions setting. Our way around that is the have a recurring issue for reviewing how it looks for a user with just jira-users and confluence-users set. Any ideas how this could be automated in some way would be appreciated.
Sounds like your personal space configuration is not setup correctly. I would expect each personal space to be limited to administrators and the user who owns the space. Having confluence-user on personal spaces opens it up to anyone who has confluence access. You should update your permissions on the spaces and check your default space permissions.
Thanks, Brant. I removed confluence-users from Group space permissions and the auditor IDs can no longer see content on personal spaces. They can, however, see the universe of people with personal spaces, as well as all the users in Confluence, from the People directory. Do you know if there's a way to restrict access to the people directory?
I hope you have a great weekend!
Hi Atlassian Community, My name is Avni Barman, and I am a Product Manager on the Confluence Cloud team. Based on feedback from you, we are giving admins more power to create templates that a...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events