Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Share confluence space with external user with read only view / bug: external user able to edit Edited

If I share a confluence page to an external user, they receive an email about this, create an atlassian account, and can view the page. Any links on this page are also usable, meaning that they can essentially navigate the entire space. This is great. When navigating the space they do not have the ability to edit, with one exception...

So I went into Confluence and started editing a page. I copied the link to this editing page, thinking that I was just copying the normal page link, not realizing I was still in edit mode. I went into another Confluence page and created a link with the url I had copied. Since the url I copied was from the editing website, obviously upon clicking it I went directly to the page's editor. This is understandable given that I am a space admin and can edit. However, when an external user who I had shared this same page with clicked on the link, they too were able to edit, even though they have no other editing permissions otherwise. In theory it seems that anyone with access to the KB space who is able to "guess" the URL of the editing page has access to edit that page even if they normally would not.

Example: the website link I would like to share is https://myCompanyName.atlassian.net/wiki/spaces/servicedesk1/pages/1234567890/Name+Of+The+Page  Now if I share this link with an external user they cannot edit it. However if they were to visit the following URL they would be able to edit this page even if I had not shared this specific link with them https://myCompanyName.atlassian.net/wiki/spaces/servicedesk1/pages/edit-v2/1234567890  

I am a bit unsure as to how to change permissions for this confluence space for external users given this issue. In my opinion, this seems like an edge case and is probably a bug? I am assuming this is not meant to happen?

 

1 answer

1 accepted

0 votes
Answer accepted

Hi ,

When ever there is new user he might be added into "Confluence-users" group.

Please check the Space permissions 

does edit permission is enabled to "Confluence-users".

if yes 

created a new group for internal users to edit pages. enable edit permissions on pages to internal users group only.

Create a new group for external users. and add that group to space permissions and View permission only.

Thanks for the help. Even if they are set as view/read only they are still considered licensed users that one must pay for correct?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
Community showcase
Posted in Confluence Cloud

Please tell us how you use Confluence space settings

👋 Hi there, a few of us at Atlassian would love to learn about how you use "space settings" functionality in Confluence. A facelift to the space settings is long overdue and we want to start with im...

126 views 5 6
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you