I would like to remove anonymous access as a choice for Space admins

I would like to remove anonymous access as a choice for Space admins.Since if a client space admin accidentally selects anonymous user permission, the space is visible to all users who are logged in which is a security breach in our company.

In the global permissions section for anonymous user we have selected as anonymous users can't use confluence, because of which if a page is set as anonymous a non-logged in user is not able to view that page , but a logged in user can access that page

since we have set in the global permissions that an anonymous user can't view confluence then if a space is set as anonymous (non-login user) then that is working fine for anonymous user i.e. an anonymous user is unable to view that page because of global settings.
But the problem is that if a space is set as anonymous accidentally by a client then that space is visible to all other clients(logged in user) which is a security breach for clients.So if this can be prevented then please let us know or if the anonymous option can be removed from the space permissions then please let us know.

If any body can let us know the UI component in which the space permissions section is visible so that from there we can remove the anonymous section     

6 answers

I would like to remove anonymous access as a choice for space admins as well...

You can use the query - DELETE FROM SPACEPERMISSIONS WHERE PERMGROUPNAME IS NULL AND PERMUSERNAME IS NULL AND SPACEID IS NOT NULL; to clear out any space-level anonymous permissions

In order to prevent space admins to grant this again, you can modify the page templates in the Confluence installation directory and remove the option from the space permissions page altogether.
For this, you will need to modify the following two files, please see the output of the diff commands respectively to see which lines to remove from each file:
<CONFLUENCE-INSTALL>/confluence/spaces/permissions/viewspaceperms.vm
diff viewspaceperms.vm viewspaceperms.vm.save
50a51,54
> <h2 class="steptitle">$action.getText('perms.anonymous')</h2>
> #if ($action.anonymousSpacePermissionWithoutGlobalPermission)
> #parse ("/spaces/includes/anonymous_access_warning.vm")
> #end
51a56,60
> <div class="stepdesc">
> $action.getText("space.anonymous.perms")
> </div>
>
> #showPermissions( ["a"] $action "false")
<CONFLUENCE-INSTALL>/confluence/spaces/permissions/editspaceperms.vm
diff editspaceperms.vm editspaceperms.vm.save
114a115,117
> <h2 class="steptitle">$action.getText('perms.anonymous')</h2>
> <div class="stepdesc">$action.getText('perms.anonymous.desc')</div>
> #showPermissions( ["a"] $action "true")

Please note that:

  • You will need to restart the instance so that the changes are picked up.
  • The modification will not survive an upgrade of the instance, so you will need to port these changes.

Thanks Ankur for the reply.

But this is more a hack than a solution... Do some "magic" in the DB and do some "hacks" on some templates that are overwritten again on an update isn't the way I want to go on our production environment...

A built-in solution from Atlassian would be much appreciated... I mean, shouldn't be too difficult to implement...

This is a solution provided by atlassian , no other way we have currently

I would like a better more native solution from Atlassian as well, possibly an additional option in their global permissions. 

0 votes

Hi Ankur, 

Is there an update on this request? Can you point me to feature request (if there is one yet) for global admins to be able to remove the anonymous permission option in spaces from the Atlassian as a built in solution and not as a "hack"?  We need to be able to remove several permission options from the space permission scheme so that our space admins don't accidentally grant other permissions such as making permission changes they don't understand or accidentally granting anonymous access.  It would be nice if global admins had more control over which permissions they want spaces and space admins to be able to control.  The check mark options just aren't enough.  We need to be able to disable, lock or completely remove from the space permission options. Thanks.

Also with the hard code solution you propose above, would we have to repeat this hack every time we upgraded on server instance? We host on prem. That option would be resource intensive.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

281 views 2 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you