What are the best practices with Confluence restricted pages regarding outsourcing?

We have sensitive information on our Confluence we don't want to share with anyone who has access to our instance.

Today each space administrator has his/her specific scheme to handle that. But now we want to standardize the "security" scheme of every space.

Has anyone any thought about this topic? any reference about best practices?

 

Thank you in advance

1 answer

1 accepted

Best practise is to create groups, with each group having view permissions to just the spaces that the people in that group should be able to view.

Add users to the appropriate group(s) in the User Management console.  Then they'll only be able to see the spaces that the group(s) they're a member of can view. 

Remember to remove the confluence-users groups from the permissions for each space, as this is the default group that everyone is a member of.

Thank you for your answer

A good very way to start the discussion smile

That way, you implement security at the space level.

 

But my concern is also about the security within the space.

I'm aware about page restrictions but I wonder how would you structure a confluence space to limit access to some "sub-spaces"

To structure a space so that people can only see parts of it you need to understand Confluence's inheritance and cascading structure.

Page permissions use inherited and cascading permissions.

"Inherited permissions" means pages you create inherit their permissions from their parent page.

"Cascading permissions" means changing a page's permissions will change the permissions of the existing child pages as well.

All new child pages inherit their permissions from their parent.

Changing the View permissions for a parent will cascade to all existing child pages, unless you've set specific permissions on those child pages individually.

Changing the Edit permission for a parent will NOT cascade to existing child pages. If you want to set Edit permissions on the child pages you'll have to do it on each page individually.

 

Does that cover what you want to do?

Yes, thank you for your insights

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Published 12 hours ago in Confluence

Think you know shares vs. @mentions in Confluence? Take this collab quiz.

To anyone who doubts that Atlassians are a little too obsessed with collaboration, and tools related thereto, let me describe a recent discussion we had (which took place on our internal Confluence, ...

95 views 2 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you