Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to restrict access to personal spaces when a user is in confluence-users (Confluence 5.6.4)

We need to allow some external security auditors access to a single space in Confluence in order to allow them and the internal users being audited to update the audit documents.  We created the space, created the group for the auditors, and then created the auditor accounts (added them to confluence-users and their special auditor group).  They can see the audit space, but they can also views everyone's personal space (including any files people have in their personal space).  I tried removing access to a personal space by removing View permission for both the auditors groups and their userids.  However, because they belong to confluence-users, they are still allowed access.

Is there any way to restrict their access to only their space?  Is there any way to lock down anonymous access to only the auditors?  I've searched the documentation, knowledge base, and this community and have not found a definitive answer. 

Thanks for the help!

Teri 

2 answers

To allow a user to just see one Space and nothing else I would suggest to separate the confluence-users group from any other access except for being able to login to Confluence . So only use it in the Global Permissions setting. Then you can add another group for the basic access for regular users, which you do not include for the security auditors. These users you just allow to see specific spaces.

My recommendation is to do the same for jira-users group in Jira. Never use it for any other permissions than for logging in to Jira.

There is one challenge to make sure no other user are using these groups for permissions setting. Our way around that is the have a recurring issue for reviewing how it looks for a user with just jira-users and confluence-users set. Any ideas how this could be automated in some way would be appreciated.

Thanks

Olle

0 votes
Brant Schroeder Community Leader Dec 07, 2018

Teri,

  Sounds like your personal space configuration is not setup correctly.  I would expect each personal space to be limited to administrators and the user who owns the space.  Having confluence-user on personal spaces opens it up to anyone who has confluence access.  You should update your permissions on the spaces and check your default space permissions.

Thanks, Brant.  I removed confluence-users from Group space permissions and the auditor IDs can no longer see content on personal spaces.  They can, however, see the universe of people with personal spaces, as well as all the users in Confluence, from the People directory.  Do you know if there's a way to restrict access to the people directory?

I hope you have a great weekend!

Teri

Brant, 

That's exactly what I need.  I have one final question.  Can you allow access to more than one group?

Thank you so very much for your help!

Regards,
Teri

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence Cloud

🎨 Add some visual life to your templates

Hi Atlassian Community, My name is Avni Barman, and I am a Product Manager on the Confluence Cloud team. Based on feedback from you, we are giving admins more power to create templates that a...

155 views 1 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you