Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Page restrictions versus Permissions

Stéphane Veraart (Devoteam)
Stéphane Veraart (Devoteam) August 30, 2017

Problem/situation

A user, who happens to also be a site-admin next to me, has created a page with page restrictions. Another user asked me to give her access and even though I appear to have the right permissions for the space as well as I am (member of) site-admin, I cannot give her access.

On the other hand, when following the procedure to remove restrictions from the Restricted page tab in the Space admin, it even gets worse. When clicking on the padlock of a user that has already been given access by another person who has access rights to the restricted page - the access get removed. So instead of giving people access it gets removed and I can't add/remove users myself either nor can I access the page.

 

Has anyone experienced this similar problem? What am I doing wrong, if so? The question is in particular relevant now because we are going to deploy a Space admin/Site-admin structure soon.

I have also filed a ticket because it is for behaviour that is not consistent with the specs for as much as they have been described by Atlassian here:

https://confluence.atlassian.com/confcloud/permissions-and-restrictions-724765432.html

 

In addition: the usergroup system-administrators exist on the Global Permissions tab yet cannot be added to my user. Would the system-administrator have different/more rights than the administrators or site-administrators and have the rights to give people access to a page?

Answer to the above paragraph: no, this permission is only granted to Atlassian staff who administer your Confluence instance.

Screen Shot 2017-08-30 at 15.00.55.png

Answer
Watch
Like Be the first to like this
429 views

2 answers

0 votes
Stéphane Veraart (Devoteam)
Stéphane Veraart (Devoteam) August 31, 2017

I agree with your remark as social (or 'behind-the-keyboard') problem in that sense.

But this is a subject (restrictions, rights, groups and users) that is very complex in any application because the cross-sections of sets of users can create complexities that become too complex to manage. Usually, simple is better and 99% effective. 

However, in my opinion site-admin with all rights to add/delete Restrictions should be able to add/remove users from the Restricted page groups - both on user level (add/remove users) and page levels (add/remove restrictions). In that sense one would expect to be able to do that when one has these rights or do you disagree?

View More Comments
Thomas Schlegel
Thomas Schlegel
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 31, 2017

You're right, this is a complex subject. There are good arguments for both opinions.

But I still think, the "owner" of a page has to add all restrictions and anyone who wants to see his page, has to ask him, not any other admin.

Breaking all the locks is a security issue also. But that is just meant for pages that are not accessible any more without breaking the lock by an admin. 

Like
Reply
0 votes
Stéphane Veraart (Devoteam)
Stéphane Veraart (Devoteam) August 30, 2017

Answer/solution to above question, after some research by myself:

https://community.atlassian.com/t5/Confluence-questions/Counterintuitive-space-permissions-page-restrictions/qaq-p/346818

In other words, I removed all the users that had access to the restricted page so the page became unrestricted. Then I added the users that needed access again.

Even though this is a solution to the problem it is by my standards not the right way. If users (accidently) create restricted pages - which cannot be limited from user admin perspective nor permission perspective this 'work around' would be needed to repair that.

 

Anyone with a similar or different opinion on this subject out there?

View More Comments
Thomas Schlegel
Thomas Schlegel
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 30, 2017

Hi Stephane,

what are your permissions in the space? Do you have just admin permissions or also viewing / edit permission ? 

If you only have admin permission, I think, you can't remove the lock from the page.

I think, the right way of doing that would be: 

  • forward the access request to the user who locked the page, since he has to decide whether the request is fine
  • if he is not available, click on the link of the page in your list of restricted pages, add yourself to the restrictions and maybe also the user who requested 
Like
Stéphane Veraart (Devoteam)
Stéphane Veraart (Devoteam) August 30, 2017

Hi Thomas,

Thanks for your reply. I have both from Groups as Individual user perspective rights to Add/delete Restrictions for this space as far as I can see as pictured below.

The right way you suggest is indeed a solution but I think it shouldn't be needed because it is inconsistent with the rights I should have.

Adding myself to the restrictions is not possible, because I am not allowed or able to edit the restrictions even as an admin.

As the matter of fact, I am able to delete yet not to add users I have discovered.

I hope this clarifies the problem a little bit further?

Screen Shot 2017-08-30 at 18.07.22.png

Like
Thomas Schlegel
Thomas Schlegel
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 31, 2017

Thank you for the screenshots. I think, it is a social problem, not a technical one. A page restriction should prohibit any user from watching a page instead the ones, who have the permission.

Any user means: also admin users.

So, if your co-admin restricts a page, she / he thinks noone except these named persons should see the page.

In the emergency case, you as space administrator are able to break the lock. But since this is just an emergency solution, you don't have the possibility to add more users to a page restricted by anyone else.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events