I have a 50 user license for Confluence and have 200 users in my active directory.
How can I set up Confluence to allow 50 named users with login access to Confluence and the remaining users "view only" access?
As William has mentioned, Confluence controls its license based on Global Permissions. You can indeed place your 50 users into a certain group, and adding that group to Confluence Global Permissions. The members of any group that has Global Permissions to use Confluence will count against the license.
You also mentioned wanting to give the rest of your LDAP users (that do not have accounts in Confluence) read-only access to Confluence content. To this end, you can enable Anonymous access in Global Permissions, then go to the Space Admin console of individual spaces and grant anonymous users View access only. Please note that both Global and Space-level permissions are required for anonymous access; merely allowing anonymous access at the Spacel level is insufficient.
One major caveat to keep in mind with this setup is that anyone without an account will be able to see your Confluence content, provided that they can reach your Confluence server. In other words, due to the nature of anonymous access, Confluence will not distinguish whether the visitor exists in your LDAP or not.
Confluence's license count is based on Global Permission. Users will count towards the license in the following ways:
Within the UI, you can get a listing of users that are assigned Global Permissions by navigating to Confluence Admin > Global Permissions. From there, you can see a list of users and groups that will count against your license. You can click on each group individually to reveal their members.
Also, this query will return users that belong in a group which has global permissions:
SELECT DISTINCT u.lower_user_name FROM cwd_user u JOIN cwd_membership m ON u.id = child_user_id JOIN cwd_group g ON m.parent_id = g.id JOIN spacepermissions sp ON g.group_name = sp.permgroupname WHERE permtype='USECONFLUENCE' AND u.active = 'T';
If using LDAP, you can use filters to restrict the scope of the LDAP search. The best option would be to use filters based on Group Memberships. Example:
To get your user count down, the following guidelines may be helpful:
I hope this helps.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs