Restrict the access of Confluence System administrators to sensitive data


We are using Confluence as our main information management system. We have different spaces for different projects or departments - like: development, marketing, sales, HR, IT, etc..

We want to encourage our users to use Confluence as the single source for all information - which is the goal of the wiki.

However, we are having an issue related to storing sensitive information in the Confluence, with which some of the departments deal/store. For example:

* the HR department would like to store employee profiles (incl. personal data, renumeration figures, bonuses, etc.) on the wiki;

* the marketing & sales departments would like to store their prospects, commercial information, on the wiki as well

* etc...

At the same time, it seems that the Confluence System administrators (who have System Administrator permissions) would be able to access each and every page within the Confluence, regardless of what permissions they have.

This is a real issue for the management, as this is preventing half of the organization to store their (sensitive) content on the wiki.

We know that it is possible to configure permissions for the system administrators so that they have only Confluence Administrator permissions, however this is not allowing them to access multiple important admin functionalities, so this is not a real option.

So, the questions is: How can we restrict the access of the Confluence System Administrators so they are not able to access some spaces or pages?

One idea would be to have the possibility to define per space encryption or password, which is known only to the users who are permitted to access the content. This way:

* The confluence administrators can see the space but without being able to see the content inside it

* At the same time the users who are allowed to see the space/pages (e.g. know the password used to encrypt them) will be able to provide the password and access the content within the space / pages

The above is just an idea about possible solution. Probably you might have a better idea how this can be solved.

In our opinion this is a a very essential feature for an enterprise wiki product.

We would be thankful to know your suggestion how to solve the above case.



PS: We have came across the Security and Encryption Plugin of Customware (, however it seems that the plugin allows only pieces of information (like passwords) to be encrypted. This is not a solution for the above case - imagine that the HR department have a personal profile of the employees where they keep on the page information like: Employee personal data, hiring history, performance evaluation notes, renumeration package, etc... Obviously there is a need to encrypt the page as a whole.

1 answer

0 votes
Peter Koczan Atlassian Team Nov 04, 2012


Unfortunately there is no such native functionality in Confluence that would allow you to restrict access of Confluence administrators for specific spaces. Even if there was, the content in the database would be stored as-is, so anyone with access to the database (or backups) would be able to see the sensitive data.

The best way to get around this is surely encryption and you are right on the plugin you have found, but as I have reviewed it's documentation it does not seem that only pieces of information can be encrypted. It can store a whole page encrypted, so this solution could be good for you, I suggest you to give it a try with an evaluation license of the plugin to see if it matches your needs.



Thanks Peter,

Based on my read of the documentation I don't see a way how one can encrypt a whole page with the Customware plugin. Even more - more convenient would be to be able to encrypt/protect a whole space - so that none of its content can be accessed by non-authorized users.

I am not sure if this can be easily solved by a plugin, as to have such a feature proporly implemented, one would need a support for this in the Confluence product. For example - if an authorized user is searching for a content - the results should include both non-encrypted and encrypted content. At the same time if a non-authorized user is searching - the results should not contain protected content. But maybe there is already a support for this in Confluence.

Another aspect of the problem is the permissions model of Confluence - currently there is an issue (CONF-4616) due to which users with System Administrator permissions can elevate their permissions to "Super users" (members of the "confluence-administrators") - thus gaining unlimited permissions to the system. This is a problem, because the "Super users" can see even the restricted pages of the system - which is OK. However, as the System Administrators also can become "Super users" on their own, they also can gain an easy access to the restricted pages - which is NOT OK.

Of course, people with access to the file system can restore the Confluence DB to another instance and get access to this data in such a way, but this is much more hassle compared to simply changing your permissions.

If this gets resolved, it will be easier to scale the administration of the Confluence between more poeple.



Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Organizing your space just got easier - Page Tree Drag & Drop is here

Hi Community! I’m Elaine, Confluence Product Manager. You may have read my earlier post about page tree in space navigation sidebar. I'm excited to share another improvement that helps you organize ...

98 views 3 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you