I want to grant the Create Space and Confluence Administrator global permissions to separate groups but it seems that when you create a new OnDemand user and check Confluence under Application Access that results in the user being added to all groups assigned a global permission unless the group has the Confluence Administrator permission. JIRA does not have the same problem as I have separate groups for the JIRA Administrators and Create Shared Objects permissions and new users are not automatically added to the latter group. It seems the reason for the difference is Confluence requires "can use" be checked for every group assigned a global permission (see below) but JIRA does not have the equivalent requirement that all groups with a global permission have the JIRA Users permission.
Has anyone seen a ticket on JAC that covers this issue in Confluence (I was surprised I couldn't find one)? Does anyone have a way around this problem (maybe somehow using a browser's developer tools on the Edit Global Permissions page)?
Yes Alexy that's what I did but I think it is only a next best option not a full solution. I've actually just found a way to get around the reason for the problem. In Confluence "can use" will be left unchecked for a group being assigned global permissions by making the below request (login handled by CLI) similar to what the UI is doing, assuming the group is not already assigned any global permissions (can be temporarily assigned to another group such as confluence-users to not be lost):
confluence -a renderRequest --requestType GET --request /admin/permissions/doeditglobalpermissions.action --requestParameters "confluence_checkbox_profileattachments_group_<group>=on&confluence_checkbox_updateuserstatus_group_<group>=on&confluence_checkbox_personalspace_group_<group>=on&confluence_checkbox_createspace_group_<group>=on&confluence_checkbox_administrateconfluence_group_<group>=on&groupsToAdd=&usersToAdd=&confirm=Save+all"
Now I can meet the initial goal with this workaround. To grant Create Space and Confluence Administrator global permissions to separate groups, eg confluence-admins and confluence-creators respectively, where a new OnDemand user given Confluence Application Access will not be automatically added to confluence-creators, temporarily assign Confluence Administrator permission to confluence-users and remove any other global permissions from confluence-admins and confluence-creators, then run the following:
confluence -a renderRequest --requestType GET --request /admin/permissions/doeditglobalpermissions.action --requestParameters "confluence_checkbox_administrateconfluence_group_confluence-admins=on&confluence_checkbox_personalspace_group_confluence-creators=on&confluence_checkbox_createspace_group_confluence-creators=on&groupsToAdd=&usersToAdd=&confirm=Save+all"
Technically, the above only needs to be done for confluence-creators since Confluence Administrator permission keeps new users from being added to confluence-admins.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG