A few of us have full administrative access/rights to Confluence, yet someone was able to restrict a page that required permission to access. We cannot understand how that happened when we are supposed to be able to see all content no matter what, or at least that is what I understood on the site
The Confluence permission scheme allows the following levels of site administrator permissions:
Super user – A 'super user' belongs to the confluence-administrators group, has full administrative access to Confluence, and can see all the content.
Is there a setting we overlooked that someone can help me with to prevent this from happening, or is it supposed to be possible for someone to restrict a page even to full admins?
Thank you for any help you can provide! : )
The doc is misleading. Not quite "wrong", but the section you've quoted is misleading.
A user with admin rights has, well, admin rights. Not the ability to see and do anything. They can grant themselves the ability to see and do anything, but the admin right does not grant them any "browse" rights automatically. They still have to be given those rights in the space permissions. (And of course, they can see and edit the space permissions, as it's their job)
Interesting, thank you for clearing that up Nic and so quickly! : ) So, there's no way to prevent that type of restriction from the Admin group? Seems a little risky, when we also need to ensure content is following proper protocol, and what happens if that person up and leaves that has the restrictions set on that page?
I wish there was an over-riding setting that we could prevent that from happening. Perhaps Atlassian will hear me. : )
No, the point of the administrator's job is to administrate the system. If they're restricted from getting to parts of the system, they can't do that job.
If an a person leaves, that's exactly the case where you need your system admins to have admin rights - they can find and change the restrictions left behind.
This is not something that you'll find in any software. Your "root" admins can always do everything, one way or another. You have to trust your admins.
True, although the system admin has all the same permission and restrictions related rights. The system admin stuff is about looking after the server side (Which Cloud admins don't need)
And, of course, both types of admin can see and change page restrictions, irrespective of space permissions, because that's an admin right.
I thought we could set a View Restriction and ONLY those people could see the page exists and the content of the page - but if Admin was not on the list they could not see the content of the page
But the Admin could remove the Restriction as part of managing the stuff ups people make
That's why I said the docs are misleading - they don't say that, but it is right. The admins can't see the content of the restricted page (unless they are included in the restriction). But they can see that the page is there, and change the restrictions.
Jumping on with an additional question.
Nic, you said that admins can see that the page is there, and change the restrictions.
I was able to see a restricted page, but I did not see any way that I can change the restrictions. I had to request access and another user with permissions for that page was able to grant them to me.
What are the steps to remove/change those restrictions?
It takes a couple of steps. From the "Restricted Pages" tab (Space Tools > Permissions > Restricted Pages") click on either of the unlocked padlock icons (it doesn't matter which one). You will then be taken to the Page Information page for the restricted page. There should be a "Page Permissions" panel - click the unlocked padlock icon for the page permission you want to remove (if view and edit permissions are set, this time it does matter which one you select!).
This doesn't work for me. I'm on Cloud, have all Admin permissions. When I click any of the padlocks on the restricted page, I see the same "You can't access this page" message. I don't see a way to find the info or follow the rest of your steps.
As it stands, we have several "hidden" pages where users restricted them and left the company. Even our admins can't get to those pages. Total loss of data.
All due respect to the nuanced interpretation of "admin" to be about back-end and whatnot. Frankly, that's a cop-out for missing functionality that is 100% required to effectively administer Confluence.
For many of the pages in this space, the steps above work perfectly. I can get to the Information screen and update permissions so that I can see it. For some pages, though, when I click the padlock on the Restricted Pages screen, I just get this message:
This is because it's inheriting restrictions from a parent page. A space admin or the person who shared this page may be able to give you access.
The problem is that I have no idea where this page sits in our 10+ level-deep hierarchy, so I can't trace back to see where the permissions originate. I am a space admin, so I can see any unrestricted page, but somewhere there is a restricted page with sub-pages that I can't get to.
Even on the server version, page restrictions can be frustrating to deal with and I would always advise that people avoid using them unless you have a specific and deliberate purpose in mind (versus using them in an ad hoc fashion).
In the situation Joe is describing, where you as admin don't have access to a page, the child pages that inherit those permissions won't appear in the list of restricted page in Space Admin - it will only show the parent page and the page information for that parent page will only show the immediate child pages.
Personally, I would contact Atlassian Support for help in this situation.
The fact that you actually can MAKE CHANGES TO A SPACE THAT RESTRICTS YOU FROM SEEING - is your Admin Right privileges even though you were restricted initially.
While the same privilege is not available for non-admin users - they may not be able to see contents of restricted space AND also not able to do anything about it but ask an admin user :-).
Thank god that atleast SPACES are not HIDDEN :p - that would be a different situation altogether haha.
When I go to Space Settings -> Permissions tab -> Restricted Pages tab, I DO see all the restricted pages listed there. However, when I check the open padlock on the right side on any page that I do not have permission for, it does not let me continue and asks me to request access. I created this Atlassian account, I am in every single admin group.
How can I remove restrictions to these pages or at least give myself access?!
The answers in the thread are confusing @Basir Naqvi. If you are the Space admin and/or an admin, you need to remove all the restrictions for that page. That way you will be able to access.
By removing all the restrictions on a particular page for a space in which I am an admin (and I am also a site admin), I could *finally* have access to the page.
Thanks for the reply @Juan Porta. Unfortunately, if I understand correctly, the way to remove restrictions is to click the padlock. When I do so, I get a request access page.
I've begun to think this is a bug. To add even more permissions to make extra sure, I added myself as an individual with full permissions on the Space Settings page. Now, I can successfully click the padlock on SOME pages, and other pages still request access.
As a side note, this is a very poor method to do this. As pages can have highly sensitive information, and doing it this way opens them up to everyone. Albeit for a short time between removing the restrictions and adding them again with yourself included.
I figured it out. It's working now.
Okay, I won't be that guy who says it's fixed and not tell you what he did to fix it.
Here's what I found, I can't explain why, but it works.
There is apparently a difference between the permissions of users in the local confluence-admins group vs an AD synced group with the same exact permissions.
For example, we have an admin group that i'm part of that has Personal Space, Create Space(s), Confluence Administrator, System Administrator permissions.
The local confluence-admins group has the same permissions.
If i'm logged in with my account, if I click on the padlock, I get taken to a page that says I must request permission to view this page.
If i log in with the admin account we have in the local confluence-admins group and do the same thing, it take me to the page info and I can remove restrictions.
Another confluence admin and myself have been looking at it for the last 10 minutes speechless trying to figure out why in the world this works.
Hope that helps some of you.
Hi Community! 2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs