Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Setting up restrictions for users who you don't want to see 95% of the rest of the platform

Tim Milner
Tim Milner January 8, 2012

Hi. We are running Confluence 3.5.7 on our internal server. Only internal staff currently have access to this. However, a number of our teams need an external organisation to be able to see some (not all) of their work. However, it is important that this external organisation doesn't see anywhere else on the site, including the homepage. I wondered if you had any advice on the best way to approach this issue of letting in a group of users who shouldn't see about 90% of the site, but need to see certain pages. I am clear on how restrictions work on Confluence, but am curious as to how to approach this with the smallest amount of administrative headache possible.

Has anyone else approached this problem and are happy with their solution? Security is the most vital part of this, but it is also a must that the external organisation be able to see the pages that they need to see. Ideally, we would avoid the solution of having a separate space just for this external organisation, but instead give them access within each space to the pages they need to see. This, though, is where the administratiove headache comes in, with inherited restrictions, page-by-page management of restrictions etc.

Any advice?

Thanks,

Tim

Answer
Watch
Like Be the first to like this
314 views

1 answer

0 votes
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2012

Page by page will be a headache for sure. When you say external users, do these also need to NOT see each others contributions?

At AppFusions we make heavy use of the permission system but we do lean on spaces to make it easier. Basically you want it set up so that a default new user (say only in confluence-users group) will NOT see anything. Then it makes it a lot harder to accidently do it wrong and open it up when you don't want to

Then you would use separate groups to control access to the spaces.

You could do it with one space but that space would need to be visible to all at the top level and restricted down at each page. (Remembering page hierarchies and permissions will take affect)

Also, have also done a plugin that auto adds permissions to pages on create which can be useful if you think people will forget to set permissions etc..

View More Comments
Tim Milner
Tim Milner January 9, 2012

Hi Colin, thanks for your reply.

Yes, you are right that these external users need to not see each others' contributions. So this external organisation - let's call it EO - has a number of staff, all who work on different private projects in our organisation. They are software testers, essentially, so some work on Project A, others work on Project B, Project C, and so on; but those testing Product A shouldn't see the work that those working on Project B and Project C see.

I am currently testing in our pre-prod, and have three user groups for internal staff - confluence-administration (global), confluence-space (space admin), and confluence-users (default). I have created another group - confluence-external. To this group I have set their global permissions as Can See. Because each space within the Confluence instance has already got space permissions set up for all three internal groups, but not for the confluence-external group, this means that they currently cannot see anything. I think this is essentially what you mean when you say set up a default new group that can't see anything (correct me if I'm wrong).

To provide them with some semblance of access, I am trying various approaches - which is where my question comes in. My first scenario has been to create a single space to which I have granted them View (only) permissions in the Security area of Space Admin for that space. So they can now access this space. Within which I have created child pages from the home page of the space (a home/root page which they can all view), and on these child pages I have set page level view restrictions (which inherit) for each project. Again, seems to tally with what you suggest in second last paragraph.

So that is one way. And the other thing I wanted to try is to allow them access within existing project spaces, but only to certain pages. That, if I get you, is more of a headache, because I will need to set page level restrictions, and remember hierachies etc.?

Thanks, Tim

Like
Tim Milner
Tim Milner January 9, 2012

And I would be very intersted in the plugin you mention you have created. Could you send me a link, to make sure I get the right one?

Much appreciated,

Tim

Like
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2012

Email me (check my profile) and I'll send it to you. It isn't out yet as it was just a little util plugin that was built. Possibly we'll publish it on pac at some stage

Like
Tim Milner
Tim Milner January 10, 2012

Hi Colin. Your profile doesn't reveal an e-mail address for you, unfortunately. I sent you an invite via LinkedIn, and thought I could message you that way if we can connect.

Thanks,

Tim

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events