Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Restrict the access of Confluence System administrators to sensitive data

Georgi Mitov
Georgi Mitov November 3, 2012

Hi,

We are using Confluence as our main information management system. We have different spaces for different projects or departments - like: development, marketing, sales, HR, IT, etc..

We want to encourage our users to use Confluence as the single source for all information - which is the goal of the wiki.

However, we are having an issue related to storing sensitive information in the Confluence, with which some of the departments deal/store. For example:

* the HR department would like to store employee profiles (incl. personal data, renumeration figures, bonuses, etc.) on the wiki;

* the marketing & sales departments would like to store their prospects, commercial information, on the wiki as well

* etc...

At the same time, it seems that the Confluence System administrators (who have System Administrator permissions) would be able to access each and every page within the Confluence, regardless of what permissions they have.

This is a real issue for the management, as this is preventing half of the organization to store their (sensitive) content on the wiki.

We know that it is possible to configure permissions for the system administrators so that they have only Confluence Administrator permissions, however this is not allowing them to access multiple important admin functionalities, so this is not a real option.

So, the questions is: How can we restrict the access of the Confluence System Administrators so they are not able to access some spaces or pages?

One idea would be to have the possibility to define per space encryption or password, which is known only to the users who are permitted to access the content. This way:

* The confluence administrators can see the space but without being able to see the content inside it

* At the same time the users who are allowed to see the space/pages (e.g. know the password used to encrypt them) will be able to provide the password and access the content within the space / pages

The above is just an idea about possible solution. Probably you might have a better idea how this can be solved.

In our opinion this is a a very essential feature for an enterprise wiki product.

We would be thankful to know your suggestion how to solve the above case.

Thanks,

Georgi

PS: We have came across the Security and Encryption Plugin of Customware (http://www.customware.net/store/confluence/security_and_encryption_plugin.html), however it seems that the plugin allows only pieces of information (like passwords) to be encrypted. This is not a solution for the above case - imagine that the HR department have a personal profile of the employees where they keep on the page information like: Employee personal data, hiring history, performance evaluation notes, renumeration package, etc... Obviously there is a need to encrypt the page as a whole.

Answer
Watch
Like Miguel Botto likes this
730 views

1 answer

0 votes
PeterKoczan
PeterKoczan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 4, 2012

Hi,

Unfortunately there is no such native functionality in Confluence that would allow you to restrict access of Confluence administrators for specific spaces. Even if there was, the content in the database would be stored as-is, so anyone with access to the database (or backups) would be able to see the sensitive data.

The best way to get around this is surely encryption and you are right on the plugin you have found, but as I have reviewed it's documentation it does not seem that only pieces of information can be encrypted. It can store a whole page encrypted, so this solution could be good for you, I suggest you to give it a try with an evaluation license of the plugin to see if it matches your needs.

Cheers,

Peter

View More Comments
Georgi Mitov
Georgi Mitov November 9, 2012

Thanks Peter,

Based on my read of the documentation I don't see a way how one can encrypt a whole page with the Customware plugin. Even more - more convenient would be to be able to encrypt/protect a whole space - so that none of its content can be accessed by non-authorized users.

I am not sure if this can be easily solved by a plugin, as to have such a feature proporly implemented, one would need a support for this in the Confluence product. For example - if an authorized user is searching for a content - the results should include both non-encrypted and encrypted content. At the same time if a non-authorized user is searching - the results should not contain protected content. But maybe there is already a support for this in Confluence.

Another aspect of the problem is the permissions model of Confluence - currently there is an issue (CONF-4616) due to which users with System Administrator permissions can elevate their permissions to "Super users" (members of the "confluence-administrators") - thus gaining unlimited permissions to the system. This is a problem, because the "Super users" can see even the restricted pages of the system - which is OK. However, as the System Administrators also can become "Super users" on their own, they also can gain an easy access to the restricted pages - which is NOT OK.

Of course, people with access to the file system can restore the Confluence DB to another instance and get access to this data in such a way, but this is much more hassle compared to simply changing your permissions.

If this gets resolved, it will be easier to scale the administration of the Confluence between more poeple.

Cheers,

Georgi

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events