We have a Confluence deployment that, for the most part, uses AD groups and users. Recently we've been asked to provide access to our wiki to select vendor/partners. Within a particular space, we need to have our staff (all members of 'confluence_users') able to view & edit all pages. The vendor users should only be able to view specific pages (and not edit anything). The problem that I'm running into is that to pull this off, I have to have my staff set view restrictions on every page so that ourselves & the relevant vendor can view a page but no one else can.
The permissions for page 4 are easy. The ones for pages 1, 2, and 3, however, are tricky because users forget to do things like add their own group to the view restrictions when they create pages.
We don't want to have to create AD accounts for the vendors, and would rather manage them via local accounts. As such, I've set up a local group for each vendor, and have placed their respective users into said groups. In order to simplify the space permissions, I'd like to also add the 'confluence_users' group to the vendor-specific groups. This doesn't appear possible though, since nesting doesn't seem to be an option for the internal directory.
Short of either adding our vendors to our primary domain (basically a non-starter) or creating an LDAP instance on the wiki server to manage them, is there any (relatively) simple way to accomplish this?
For reference, we're running Confluence 5.5.4 on Linux.
Page-level restrictions do create a lot of busy work, but you can use inheritance to your advantage in this case.
Set the home page of each space to have edit restriction to the group(s). Then when a user creates a page, even if they set a view restriction for a specific user, all the people in all the groups with edit access of the parent page, will have view and edit access of the child page(s).
I'm not sure I follow you. The goal is to have all pages visible to confluence-users, with a subset visible to both vendor & confluence-users. In this space, vendor only has view permissions; nothing else. If I follow your instructions, I end up with a page that is hidden from everyone except the creator and the vendor group. No other member of confluence-users can see the page, despite them have edit rights across the board.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG