Is it possible to nest groups in the internal directory?

We have a Confluence deployment that, for the most part, uses AD groups and users.  Recently we've been asked to provide access to our wiki to select vendor/partners.  Within a particular space, we need to have our staff (all members of 'confluence_users') able to view & edit all pages.  The vendor users should only be able to view specific pages (and not edit anything).  The problem that I'm running into is that to pull this off, I have to have my staff set view restrictions on every page so that ourselves & the relevant vendor can view a page but no one else can.

For example,

  • Page 1 - staff + vendor a
  • Page 2 - staff + vendor b
  • Page 3 - staff + vendor a + vendor c
  • Page 4 - staff only

The permissions for page 4 are easy.  The ones for pages 1, 2, and 3, however, are tricky because users forget to do things like add their own group to the view restrictions when they create pages.

We don't want to have to create AD accounts for the vendors, and would rather manage them via local accounts.  As such, I've set up a local group for each vendor, and have placed their respective users into said groups.  In order to simplify the space permissions, I'd like to also add the 'confluence_users' group to the vendor-specific groups.  This doesn't appear possible though, since nesting doesn't seem to be an option for the internal directory.

Short of either adding our vendors to our primary domain (basically a non-starter) or creating an LDAP instance on the wiki server to manage them, is there any (relatively) simple way to accomplish this?

For reference, we're running Confluence 5.5.4 on Linux.


2 answers

Page-level restrictions do create a lot of busy work, but you can use inheritance to your advantage in this case.

Set the home page of each space to have edit restriction to the group(s). Then when a user creates a page, even if they set a view restriction for a specific user, all the people in all the groups with edit access of the parent page will have view and edit access of the child page(s).

I'm not sure I follow you. The goal is to have all pages visible to confluence-users, with a subset visible to both vendor & confluence-users. In this space, vendor only has view permissions; nothing else. If I follow your instructions, I end up with a page that is hidden from everyone except the creator and the vendor group. No other member of confluence-users can see the page, despite them having edit rights across the board.

I'm afraid I assumed you had given confluence-users space permission. Please try that.

Which space permissions? Confluence-users currently has view, add pages, add comments, and add attachments. Vendors only has view and add comments.

Okay, just to be clear:

  1. On the space, give confluence-users add permissions and the vendors read and comment permissions
  2. On the home page of the space, give confluence-users edit restriction
  3. After creating a page, give the vendor view restriction


I'm sorry, but that doesn't work. Following the instructions, I end up with a page that has view rights restricted to vendor and myself. Other members of confluence-users cannot see the newly-created page. Is this something that requires a newer version than 5.5?

In step 3 above, try giving the vendor *edit* restriction (remove view restriction).
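
The failure mode described in the question (a page author forgetting to add the staff group to a view restriction) can be caught by comparing each page's current view restriction with the intended access list. This is an added example, not part of the original thread: the vendor group names, the "Page 5" entry and the snapshot data are constructed, and collecting the snapshot from Confluence is not shown.

```python
# Added example: audit page view restrictions against an intended access matrix.
# Assumptions: vendor group names and the ACTUAL snapshot are constructed sample
# data; no Confluence API is called.

STAFF_GROUP = "confluence_users"

# Intended viewers per page, following the example list in the question.
INTENDED = {
    "Page 1": {STAFF_GROUP, "vendor_a"},
    "Page 2": {STAFF_GROUP, "vendor_b"},
    "Page 3": {STAFF_GROUP, "vendor_a", "vendor_c"},
    "Page 4": {STAFF_GROUP},
}

# Constructed snapshot: groups currently named in each page's view restriction.
ACTUAL = {
    "Page 1": {"vendor_a"},                           # author forgot the staff group
    "Page 2": {STAFF_GROUP, "vendor_b"},              # matches the matrix
    "Page 3": {STAFF_GROUP, "vendor_a", "vendor_b"},  # wrong vendor group
    "Page 4": set(),                                  # no view restriction set
    "Page 5": {STAFF_GROUP, "vendor_c"},              # page nobody classified
}


def audit(intended, actual, staff_group=STAFF_GROUP):
    """Return a list of (page, finding) tuples, ordered by page title."""
    findings = []
    for page in sorted(set(intended) | set(actual)):
        want, have = intended.get(page), actual.get(page)
        if want is None:
            findings.append((page, "not-in-matrix"))
        elif have is None:
            findings.append((page, "not-in-snapshot"))
        elif not have:
            # With no view restriction, space permissions alone decide who can
            # view, so every group with space-level view can see the page.
            findings.append((page, "unrestricted"))
        else:
            if staff_group not in have:
                findings.append((page, "staff-group-missing"))
            findings += [(page, "unexpected:" + g) for g in sorted(have - want)]
            findings += [(page, "missing:" + g)
                         for g in sorted(want - have - {staff_group})]
    return findings


if __name__ == "__main__":
    for page, finding in audit(INTENDED, ACTUAL):
        print(page + ": " + finding)
```
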
