Hi. We are running Confluence 3.5.7 on our internal server. Only internal staff currently have access to this. However, a number of our teams need an external organisation to be able to see some (not all) of their work. However, it is important that this external organisation doesn't see anywhere else on the site, including the homepage. I wondered if you had any advice on the best way to approach this issue of letting in a group of users who shouldn't see about 90% of the site, but need to see certain pages. I am clear on how restrictions work on Confluence, but am curious as to how to approach this with the smallest amount of administrative headache possible.
Has anyone else approached this problem and are happy with their solution? Security is the most vital part of this, but it is also a must that the external organisation be able to see the pages that they need to see. Ideally, we would avoid the solution of having a separate space just for this external organisation, but instead give them access within each space to the pages they need to see. This, though, is where the administratiove headache comes in, with inherited restrictions, page-by-page management of restrictions etc.
Page by page will be a headache for sure. When you say external users, do these also need to NOT see each others contributions?
At AppFusions we make heavy use of the permission system but we do lean on spaces to make it easier. Basically you want it set up so that a default new user (say only in confluence-users group) will NOT see anything. Then it makes it a lot harder to accidently do it wrong and open it up when you don't want to
Then you would use separate groups to control access to the spaces.
You could do it with one space but that space would need to be visible to all at the top level and restricted down at each page. (Remembering page hierarchies and permissions will take affect)
Also, have also done a plugin that auto adds permissions to pages on create which can be useful if you think people will forget to set permissions etc..
Hi Colin, thanks for your reply.
Yes, you are right that these external users need to not see each others' contributions. So this external organisation - let's call it EO - has a number of staff, all who work on different private projects in our organisation. They are software testers, essentially, so some work on Project A, others work on Project B, Project C, and so on; but those testing Product A shouldn't see the work that those working on Project B and Project C see.
I am currently testing in our pre-prod, and have three user groups for internal staff - confluence-administration (global), confluence-space (space admin), and confluence-users (default). I have created another group - confluence-external. To this group I have set their global permissions as Can See. Because each space within the Confluence instance has already got space permissions set up for all three internal groups, but not for the confluence-external group, this means that they currently cannot see anything. I think this is essentially what you mean when you say set up a default new group that can't see anything (correct me if I'm wrong).
To provide them with some semblance of access, I am trying various approaches - which is where my question comes in. My first scenario has been to create a single space to which I have granted them View (only) permissions in the Security area of Space Admin for that space. So they can now access this space. Within which I have created child pages from the home page of the space (a home/root page which they can all view), and on these child pages I have set page level view restrictions (which inherit) for each project. Again, seems to tally with what you suggest in second last paragraph.
So that is one way. And the other thing I wanted to try is to allow them access within existing project spaces, but only to certain pages. That, if I get you, is more of a headache, because I will need to set page level restrictions, and remember hierachies etc.?
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
To anyone who doubts that Atlassians are a little too obsessed with collaboration, and tools related thereto, let me describe a recent discussion we had (which took place on our internal Confluence, ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs