How to set up Authenticated Read Only Access

Scott Selberg
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 7, 2014

Hi,

I work for a large company and we are using Confluence to publish documentation for some of our internally developed systems. We have a limited user license that is much smaller than the number of employees in the company. We're using groups within Active Directory to control access. We're granting anonymous access so people can see the pages. This all works fine - anonymous users can see the information and our team can author it. However, here's the rub. If an individual who is not in one of the blessed groups logs in, they get a permission denied error and can no longer see any information. I've been told by the Atlassian sales team that allowing Authenticated Read-only access does not consume a seat in the license, but I have been unable to figure out how to set this up in Confluence. Does anybody know how to do this?

-Scott

Keysight Technologies

8 answers

1 accepted

1 vote
Answer accepted
Davin Studer
Rising Star
November 10, 2014

Anyone that has the "can use" permissions set up in global permissions will consume a license. So, if you are a member of a group that is set to "can use" or you are explicitly set up for "can use", then you will use a license ... which means even people set to read-only at the space level will use a license. After all, licensing isn't a space-level function; it is a system-level function.


4 votes
David Holshouser January 20, 2017

I will simply comment on this to raise awareness.

It makes no sense to allow anonymous users read-only access but deny authenticated users that same access.

This is a security issue. At my company we are required to log every employee in to any web app due to Chinese hacking in the past. Now I read that anonymous users have more access than authenticated users in the system. I was led to believe by the Confluence sales team that we could present read-only content to my entire company even though my developer base is small.

This is a contradiction and a problem for user communities. There's simply no way I will purchase 3000 seats when I have a developer base of 150. Outrageous.

Albert Dias October 29, 2017

I couldn't agree more. It's absurd that JIRA logged-in users can't access Confluence pages that are open to the public Internet via Anonymous permissions.

trevor_belstead
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 8, 2023

I agree!

The only reason that Atlassian could use is money; logically it makes no sense at all. When will they offer this feature, as I have implemented Atlassian at many companies and more than half have dropped the product because of this one issue?

Not all individuals in an organization need to use the functionality; they just need access to view the information. Which according to Atlassian is better to share anonymously to the whole world rather than keep it secure for your company. JUST BLOODY MENTAL!!!

2 votes
Scott Selberg
Rising Star
December 29, 2014

Thanks Davin, your answer is correct. Atlassian sales told me that a read-only user would not consume a seat, but it doesn't appear to be technically possible at this time.

1 vote
Jonathan Holdsworth August 12, 2019

I agree this solution is inadequate. We have a developer base of 10 and a user base of over 1000. I struggled to get the licence for 10 seats across the line, there is no way I will get 1000 and there is an even slimmer chance I will open our processes to the internet. 

 

Biggest gripe with my favorite tool in 2019. 

1 vote
Davin Studer
Rising Star
January 20, 2017

Here is a possible workaround for you that I have seen another site do. They created an account that has read-only access and did not tell the employee base the UN/PW of that account. Then they created another login form themselves that would authenticate them against their login system and, if it was correct, would then submit the secret UN/PW for Confluence to the Confluence login page. That way they would not have to tell the employees the secret account and have to worry about resetting the PW when people left, but they could still make it such that you had to log in. They are not logged into Confluence as themselves, but they still do have to authenticate their account before getting in.

Yury Talyukin October 30, 2017

Thanks Davin for putting this out. Can I clarify that I understood you correctly? Suppose I have an application with a user database.

1. Create a Confluence read-only account to be shared across all users

2. Authenticate my users against my application

3. In the background, supply the secret credentials to Confluence (which will make the user authenticated against Confluence)

4. Now users can see the Confluence page through the read-only account?

Davin Studer
Rising Star
October 31, 2017

Yep, that's the gist of it.

Gctech Gctech March 14, 2018

OK, so what I understand is to create a login form on a web server and authenticate the user, but how will that form authenticate Confluence in the background?

kyle November 6, 2018

Hello,

I wanted to see if there was an answer to the question above. I'm also in a situation where we only have 20 or so people that need edit access to Confluence, but probably around 30 more that will need view access from time to time.

If there is an answer, it would be a huge help.

Also, I know Confluence/Atlassian has been making a lot of changes lately - is there a way to raise this as a priority to them to make it easier?

Davin Studer
Rising Star
November 8, 2018

@kyle If you are ok with the viewers being anonymous then you could enable anonymous access for the space (which will allow anyone to see it) and then get just enough licenses for your editors. Anonymous access does not use a license.

0 votes
Scott Selberg
Rising Star
November 10, 2014

Thanks Jeff, either I'm being quite dense or not clear about the problem. I am having no issues with anonymous access. The issue is when a user has authenticated (i.e. is known to the system via the LDAP directory) I want them to have read-only access to a space but not to consume a license seat. According to Confluence sales, a read-only user should not consume a seat; however, when I grant my all-employees group the 'use confluence' permission and read-only access to my space, Confluence denies any user from making changes because the number of users has exceeded the license. So, I'm trying to figure out how to configure Confluence so that my authenticated read-only users don't consume a license seat.

Imed Inoubli May 13, 2020

Hi Scott_Selberg

I have JIRA SD linked to Confluence, so I have linked spaces with JIRA projects and I have given read-only access to specific groups.

Those users can view the articles from the JIRA dashboard/customer portal without consuming a license.

I have enabled anonymous access but I'm controlling the users from JIRA user management (I used Atlassian Crowd for the user directory configuration in Confluence).

So, those users cannot log in directly to Confluence but they can use JIRA or Confluence mobile to read articles.

0 votes
JeffP November 8, 2014

The global configuration allows users to have initial access to the instance, but each space must also be configured to allow the Anonymous users to have specific permissions (e.g., View) in that space, as indicated by the instructions at https://confluence.atlassian.com/display/AOD/Assigning+Space+Permissions. By default each space usually allows members of the confluence-users group to have the space permissions shown in the instructions link, and these space permission configurations can easily be modified by a space admin. If the space admin wants to grant anonymous user to have space view, add pages, etc. permissions, then these permissions can be granted.

*Bottom Line*: When an anonymous user accesses your instance, he/she will only be able to view, etc. the spaces where they are permitted.

I hope this clarification has been helpful.

0 votes
JeffP November 7, 2014

When you configure the space, only grant the Anonymous users to have read/view space page permissions (https://confluence.atlassian.com/display/AOD/Assigning+Space+Permissions) or you can do the same thing at a global level (https://confluence.atlassian.com/display/DOC/Setting+Up+Public+Access) for your instance.

Scott Selberg
Rising Star
November 7, 2014

I don't think that is quite what I'm looking for. Here is what I'm observing. I have a space that allows anonymous access. I'm authenticating users against the corporate Active Directory. If a user doesn't log in, they can see the page as an anonymous user. If they choose to use the login link at the top of the page, they can authenticate because they are in the Active Directory, but they are not in a group that can 'use' Confluence. What that user now sees is a 'permission denied' error trying to view any pages in Confluence. This is not intuitive. Now, perhaps this is a bug in Confluence in that if an Anonymous user can do a thing an authenticated user should also be able to do it. This can make it difficult to enforce the user license limit, so perhaps it's only use and read permissions that can be granted to all users if anonymous access is allowed. But that is the problem. I want to keep my user base from being able to lock themselves out.
