Page restrictions versus Permissions Edited

Problem/situation

A user, who happens to also be a site-admin next to me, has created a page with page restrictions. Another user asked me to give her access and even though I appear to have the right permissions for the space as well as I am (member of) site-admin, I cannot give her access.

On the other hand, when following the procedure to remove restrictions from the Restricted page tab in the Space admin, it even gets worse. When clicking on the padlock of a user that has already been given access by another person who has access rights to the restricted page - the access get removed. So instead of giving people access it gets removed and I can't add/remove users myself either nor can I access the page.

 

Has anyone experienced this similar problem? What am I doing wrong, if so? The question is in particular relevant now because we are going to deploy a Space admin/Site-admin structure soon.

I have also filed a ticket because it is for behaviour that is not consistent with the specs for as much as they have been described by Atlassian here:

https://confluence.atlassian.com/confcloud/permissions-and-restrictions-724765432.html

 

In addition: the usergroup system-administrators exist on the Global Permissions tab yet cannot be added to my user. Would the system-administrator have different/more rights than the administrators or site-administrators and have the rights to give people access to a page?

Answer to the above paragraph: no, this permission is only granted to Atlassian staff who administer your Confluence instance.

Screen Shot 2017-08-30 at 15.00.55.png

2 answers

Answer/solution to above question, after some research by myself:

https://community.atlassian.com/t5/Confluence-questions/Counterintuitive-space-permissions-page-restrictions/qaq-p/346818

In other words, I removed all the users that had access to the restricted page so the page became unrestricted. Then I added the users that needed access again.

Even though this is a solution to the problem it is by my standards not the right way. If users (accidently) create restricted pages - which cannot be limited from user admin perspective nor permission perspective this 'work around' would be needed to repair that.

 

Anyone with a similar or different opinion on this subject out there?

Thomas Schlegel Community Champion Aug 30, 2017

Hi Stephane,

what are your permissions in the space? Do you have just admin permissions or also viewing / edit permission ? 

If you only have admin permission, I think, you can't remove the lock from the page.

I think, the right way of doing that would be: 

  • forward the access request to the user who locked the page, since he has to decide whether the request is fine
  • if he is not available, click on the link of the page in your list of restricted pages, add yourself to the restrictions and maybe also the user who requested 

Hi Thomas,

Thanks for your reply. I have both from Groups as Individual user perspective rights to Add/delete Restrictions for this space as far as I can see as pictured below.

The right way you suggest is indeed a solution but I think it shouldn't be needed because it is inconsistent with the rights I should have.

Adding myself to the restrictions is not possible, because I am not allowed or able to edit the restrictions even as an admin.

As the matter of fact, I am able to delete yet not to add users I have discovered.

I hope this clarifies the problem a little bit further?

Screen Shot 2017-08-30 at 18.07.22.png

Thomas Schlegel Community Champion Aug 31, 2017

Thank you for the screenshots. I think, it is a social problem, not a technical one. A page restriction should prohibit any user from watching a page instead the ones, who have the permission.

Any user means: also admin users.

So, if your co-admin restricts a page, she / he thinks noone except these named persons should see the page.

In the emergency case, you as space administrator are able to break the lock. But since this is just an emergency solution, you don't have the possibility to add more users to a page restricted by anyone else.

I agree with your remark as social (or 'behind-the-keyboard') problem in that sense.

But this is a subject (restrictions, rights, groups and users) that is very complex in any application because the cross-sections of sets of users can create complexities that become too complex to manage. Usually, simple is better and 99% effective. 

However, in my opinion site-admin with all rights to add/delete Restrictions should be able to add/remove users from the Restricted page groups - both on user level (add/remove users) and page levels (add/remove restrictions). In that sense one would expect to be able to do that when one has these rights or do you disagree?

Thomas Schlegel Community Champion Aug 31, 2017

You're right, this is a complex subject. There are good arguments for both opinions.

But I still think, the "owner" of a page has to add all restrictions and anyone who wants to see his page, has to ask him, not any other admin.

Breaking all the locks is a security issue also. But that is just meant for pages that are not accessible any more without breaking the lock by an admin. 

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

2,916 views 27 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you