I have a 50 user license for Confluence and have 200 users in my active directory. How can I set up Confluence to allow 50 named users with login access to Confluence and the remaining users "view only" access?

Hi Darren,

Confluence's license count is based on Global Permission. Users will count towards the license in the following ways:

• If the user belongs in a group that has global permissions to use Confluence
• If the user is individually granted global permissions to use Confluence

Within the UI, you can get a listing of users that are assigned Global Permissions by navigating to Confluence Admin > Global Permissions. From there, you can see a list of users and groups that will count against your license. You can click on each group individually to reveal their members.

Also, this query will return users that belong in a group which has global permissions:

SELECT DISTINCT u.lower_user_name
FROM cwd_user u
JOIN cwd_membership m ON u.id = child_user_id
JOIN cwd_group g ON m.parent_id = g.id
JOIN spacepermissions sp ON g.group_name = sp.permgroupname
WHERE permtype='USECONFLUENCE' AND u.active = 'T';

If using LDAP, you can use filters to restrict the scope of the LDAP search. The best option would be to use filters based on Group Memberships. Example:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=jira-users,OU=Sydney,DC=example,DC=com))

To get your user count down, the following guidelines may be helpful:

• If you have more than one directory, ensure that the same user does not exist in multiple directories.
• We recommend that you allow only particular groups to log in to each application, rather than entire directories.
• Note that a mapped application can 'see' all users in a directory, even if not all of them can log in to the application. For example, a Human Resources application might be mapped to your entire Active Directory server, but only the HR group is allowed to log in to the application.

I hope this helps.

Cheers,

WZ