Share confluence space with external user with read only view / bug: external user able to edit

Alexandra Bobrow (Instech) January 13, 2021

If I share a confluence page to an external user, they receive an email about this, create an atlassian account, and can view the page. Any links on this page are also usable, meaning that they can essentially navigate the entire space. This is great. When navigating the space they do not have the ability to edit, with one exception...

So I went into Confluence and started editing a page. I copied the link to this editing page, thinking that I was just copying the normal page link, not realizing I was still in edit mode. I went into another Confluence page and created a link with the url I had copied. Since the url I copied was from the editing website, obviously upon clicking it I went directly to the page's editor. This is understandable given that I am a space admin and can edit. However, when an external user who I had shared this same page with clicked on the link, they too were able to edit, even though they have no other editing permissions otherwise. In theory it seems that anyone with access to the KB space who is able to "guess" the URL of the editing page has access to edit that page even if they normally would not.

Example: the website link I would like to share is https://myCompanyName.atlassian.net/wiki/spaces/servicedesk1/pages/1234567890/Name+Of+The+Page  Now if I share this link with an external user they cannot edit it. However if they were to visit the following URL they would be able to edit this page even if I had not shared this specific link with them https://myCompanyName.atlassian.net/wiki/spaces/servicedesk1/pages/edit-v2/1234567890  

I am a bit unsure as to how to change permissions for this confluence space for external users given this issue. In my opinion, this seems like an edge case and is probably a bug? I am assuming this is not meant to happen?

 

2 answers

2 accepted

5 votes
Answer accepted
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 19, 2021

Hello @Alexandra Bobrow (Instech)  and @KAGITHALA BABU ANVESH ,

 

In Confluence Cloud you now have the possibility to use/configure Public Links. This way you can share content with external users without having to pay for extra license seats:

A public link is a special URL that directs to safe, view-only version of an individual Confluence page. The public link can be shared with anyone on the internet. This is a great way to share content with people like clients, vendors, and contractors without needing to pay for an extra seat on Confluence.

The ability to share public links is off by default. Only Confluence and site admins can allow public links in Confluence settings. With public links allowed, users will have the choice to disable or enable public links on individual Confluence pages.

 

For more details please see:

 

I hope this helps.

 

 

Cheers,
Dario

KAGITHALA BABU ANVESH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 19, 2021

Hi @Dario B ,

Thank you very much for the information. 

Very useful.

Alexandra Bobrow (Instech) January 21, 2021

Thanks Dario! This is really helpful. So glad to hear that this functionality exists!

Like Dario B likes this
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 21, 2021

You are both very welcome! :) 

This is a new feature, introduced not so long ago, so it is normal that is not well known yet.

In Cloud new features are released quite often and therefore I'd suggest, from time to time, to have a look at the documentation blog (or set yourself as a watcher) in order to be updated on any change that you might be interested about:

 

Another option is to check the Articles section here in the community for the monthly updates, like the below one:

 

Cheers,
Dario

Like # people like this
0 votes
Answer accepted
KAGITHALA BABU ANVESH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 13, 2021

Hi ,

When ever there is new user he might be added into "Confluence-users" group.

Please check the Space permissions 

does edit permission is enabled to "Confluence-users".

if yes 

created a new group for internal users to edit pages. enable edit permissions on pages to internal users group only.

Create a new group for external users. and add that group to space permissions and View permission only.

Alexandra Bobrow (Instech) January 15, 2021

Thanks for the help. Even if they are set as view/read only they are still considered licensed users that one must pay for correct?

KAGITHALA BABU ANVESH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 15, 2021

Yes

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events