I want to block access to Space Tools > Permissions, but leave other access

Rosalind BANWELL April 4, 2018

Hi all

We want to ensure that users are not added to spaces by error. To do this we need to limit access to Space Tools > Permissions for Space Administrators BUT leave rights to other items.

Is this possible?

Thanks, Rosalind

3 answers

1 vote
Daniel Eads _unmonitored account_
Rising Star
April 4, 2018

Slightly less simple answer:

  • It could be done at your reverse proxy (nginx, Apache, IIS) by matching the space permissions page and applying some rule - e.g. only certain IP addresses can access the page, only display the page if the username section in part of the page matches a certain list, etc. This would be a bad way to go about this and likely cause problems for your System Administrators. Don't do this.
  • Some functions can be delegated - there are plenty of plugins for Jira that authorize non-admins to do certain things. This is the only one for Confluence right now, but might be an option depending on your situation
  • You could potentially apply some JavaScript to hide the Permissions button in the Space Tools menu. This wouldn't prevent people from getting there through other routes (like just clicking the Permissions tab when they're already doing some other space administration task).

Confluence is generally open by design to encourage people to collaborate. What other items do your space administrators regularly do? If you don't want them to be able to add users to the space, should they be doing other space administrator tasks? Can you achieve the same results by a short bit of training - if your company's policy is "don't add people to spaces", it wouldn't take but a couple minutes to show people how to not add permissions. And then as Thomas said very well, you're going to have to trust the people you've given space administrator privileges to.

Cheers,
Daniel

Rosalind BANWELL April 4, 2018

Yes, we'd thought as a last resort about hiding ways to access the Permissions page.

Our Space Admin users still need to be able to modify CSS, create templates and blueprints, modify the sidebar, etc.

Our IT security team are concerned about potential errors being made that add customers/partners to spaces that contain restricted information... we have already limited Space Admin on these spaces...

Daniel Eads _unmonitored account_
Rising Star
April 4, 2018

Hmm. After thinking about this a little more on the way in to the office this morning (ahh, zen highway driving) it seems prudent to make another generic suggestion.

If you're finding this is a big enough issue that you want to spend money on it, Wittified (creators of many "delegated administration"-type plugins) could be contacted to build something for you. Or any other partner that does plugin development: https://www.atlassian.com/partners/search?page=1&expertise=Custom%20Development (select a country to get results)

0 votes
Minh Tran
Atlassian Team
April 4, 2018

@Rosalind BANWELL I don't think Confluence supports such an ability.

Rosalind BANWELL April 4, 2018

Ok, thanks :-(

0 votes
Thomas Schlegel
Community Leader
April 4, 2018

@Rosalind BANWELL - simple answer: no.

You have to trust your space administrators.

Rosalind BANWELL April 4, 2018

Ok, thanks :-)
