It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Restrict viewing for Confluence Administrators?

TNTP Jul 24, 2011

Our Leadership Team would like to set up a private community within Confluence to discuss sensitive topics.

We are able to restrict the pages for regular staff, but not for people with Confluence Admin rights. These people can see all pages, even when they are not in the list to view the space or a specific page.

We also tried using a private community in the Community Bubbles plugin, but this is also visible to Confluence Admins.

Problem: Many people on the tech team have Confluence Administrator access but should not be able to see the information discussed by the Leadership Team.

Question: Is there a way to restrict Confluence Administrators from seeing specific pages?

6 answers

1 accepted

0 votes
Answer accepted
TNTP Aug 22, 2011

Here is what we did for the restricted space:

· Created an “Oops. That page is restricted” page to redirect to an unrestricted page in another space on the wiki.

· Installed Visibility plugin for {show-to} macro

· Modified restricted space layout:

o Added the following to the Header: {show-to:groups=confluence-administrators}

{html}<script>location.replace('http://DOMAIN/SPACEKEY/Oops.+Restricted+page')</script>{html}

{show-to}

Any confluence admin who needed access to the restricted space was removed from the confluence-administrators group, but retained sys admin privileges.

1 vote
Markus Pöhler Jan 10, 2019

I have managed to solve this as follows:

1. Create one dedicated Confluence User as global ADMIN account, name it however you want. 

2. Add this User to the global group CONFLUENCE-ADMINISTRATOR.

3. Login with this new user.

4. REMOVE any other user, that previously was a member of the group CONFLUENCE-ADMINISTATOR from the group CONFLUENCE-ADMINISTATOR. 

From now on the previous Admins, that arre usually authorized to manage users are just normal restrivted users without any admin previleges.

5. Go to the global settings -> "Global Permissions" page. 

6. Add the users that need elevated permissions to manage the confluence configuration and manage users & groups to the "individual users" pane and assign them the CONFLUENCE ADMINISTRATOR permission.

7. Logout and re-logon with one of the accunts you added the permission to in step 6. Now, this user has permission to manage setup, manage user accounts and group membership. BUT this user is NOT allowed to see or enter any SPACES or PAGES that he does not have explicitely permission to by adding the account or ANY group this account is member of to the space permissions. 

Conclusion: The CONFLUENCE-ADMINISTRATOR group has more previleges that pre-defined in the "Global Permission" page. There is something special about this group you can neither see or change. Individual users not member of this group but granted the "Confluence "Administrator" Permission in "Global Permission" Page have less previleges than this group has.

Disadvantage: The admin users defined this way have the ability to change all of that back again or add users to the CONFLUENCE-ADMINISTRATOR group and override this configuration. But if they are aware and don't, any spaces content is secured from previleged confluence users eyes as long they are not granted to access it.

:-)

Feedback if it works for you is appreciated.

Stéphane Gras Apr 16, 2019

Thanks for the info, I'm going to try that

Erik Ellingsson May 21, 2019

Thanks Markus for your description it was very valuable for me.

0 votes
Jon Cotter Jul 25, 2011

Try setting the view restrictions specifically on a page and see if that works. If you find that it does work for you, any child of that page will inherit its restrictions. I use this to prevent Admins from editing certain pages, not sure I have ever tried to restrict viewing though....

http://confluence.atlassian.com/display/DOC/Page+Restrictions

TNTP Jul 25, 2011

Yeah, that doesn't work, unfortunately.

I am assuming that the answer to my question is, "you can't restrict viewing for confluence admins," but I wanted to ask here just in case.

0 votes
Stephan Haslinger Oct 03, 2011

We had the same issue. Our admin users now have two seperate accounts. One with regular user rights and one with administration rights. They are asked to only login as admin when required.

So they won't see hidden pages by simply using Confluence.

0 votes
Sergey Svishchev Nov 10, 2013

Considering how many ways there are for tech team to view page content (f.e. run some SQL code against backend database), consider using something like https://marketplace.atlassian.com/plugins/net.customware.confluence.plugin.vault

0 votes
Steve Meier Aug 30, 2018

I figured it out. It's working now.

 

 Okay, I won't be that guy who says it's fixed and not tell you what he did to fix it.

Here's what I found, I can't explain why, but it works.

There is apparently a difference between the permissions of users in the local confluence-admins group vs an AD synced group with the same exact permissions.

For example, we have an admin group that i'm part of that has Personal Space, Create Space(s), Confluence Administrator, System Administrator permissions. 

The local confluence-admins group has the same permissions. 

If i'm logged in with my account, if I click on the padlock, I get taken to a page that says I must request permission to view this page. 

If i log in with the admin account we have in the local confluence-admins group and do the same thing, it take me to the page info and I can remove restrictions.

Another confluence admin and myself have been looking at it for the last 10 minutes speechless trying to figure out why in the world this works. 

 

Hope that helps some of you.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Confluence

6 Awesome Ways to Apply Trello, JIRA and Confluence to your Project

I attended  Atlassian Summit 2019  and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...

851 views 6 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you