A few of us have full administrative access/rights to Confluence, yet someone was able to restrict a page that required permission to access. We cannot understand how that happened when we are supposed to be able to see all content no matter what, or at least that is what I understood on the site
The Confluence permission scheme allows the following levels of site administrator permissions:
Super user – A 'super user' belongs to the confluence-administrators group, has full administrative access to Confluence, and can see all the content.
Is there a setting we overlooked that someone can help me with to prevent this from happening, or is it supposed to be possible for someone to restrict a page even to full admins?
Thank you for any help you can provide! : )
The doc is misleading. Not quite "wrong", but the section you've quoted is misleading.
A user with admin rights has, well, admin rights. Not the ability to see and do anything. They can grant themselves the ability to see and do anything, but the admin right does not grant them any "browse" rights automatically. They still have to be given those rights in the space permissions. (And of course, they can see and edit the space permissions, as it's their job)
Interesting, thank you for clearing that up Nic and so quickly! : ) So, there's no way to prevent that type of restriction from the Admin group? Seems a little risky, when we also need to ensure content is following proper protocol, and what happens if that person up and leaves that has the restrictions set on that page?
I wish there was an over-riding setting that we could prevent that from happening. Perhaps Atlassian will hear me. : )
No, the point of the administrator's job is to administrate the system. If they're restricted from getting to parts of the system, they can't do that job.
If an a person leaves, that's exactly the case where you need your system admins to have admin rights - they can find and change the restrictions left behind.
This is not something that you'll find in any software. Your "root" admins can always do everything, one way or another. You have to trust your admins.
True, although the system admin has all the same permission and restrictions related rights. The system admin stuff is about looking after the server side (Which Cloud admins don't need)
And, of course, both types of admin can see and change page restrictions, irrespective of space permissions, because that's an admin right.
I thought we could set a View Restriction and ONLY those people could see the page exists and the content of the page - but if Admin was not on the list they could not see the content of the page
But the Admin could remove the Restriction as part of managing the stuff ups people make
That's why I said the docs are misleading - they don't say that, but it is right. The admins can't see the content of the restricted page (unless they are included in the restriction). But they can see that the page is there, and change the restrictions.
Jumping on with an additional question.
Nic, you said that admins can see that the page is there, and change the restrictions.
I was able to see a restricted page, but I did not see any way that I can change the restrictions. I had to request access and another user with permissions for that page was able to grant them to me.
What are the steps to remove/change those restrictions?
It takes a couple of steps. From the "Restricted Pages" tab (Space Tools > Permissions > Restricted Pages") click on either of the unlocked padlock icons (it doesn't matter which one). You will then be taken to the Page Information page for the restricted page. There should be a "Page Permissions" panel - click the unlocked padlock icon for the page permission you want to remove (if view and edit permissions are set, this time it does matter which one you select!).
This doesn't work for me. I'm on Cloud, have all Admin permissions. When I click any of the padlocks on the restricted page, I see the same "You can't access this page" message. I don't see a way to find the info or follow the rest of your steps.
As it stands, we have several "hidden" pages where users restricted them and left the company. Even our admins can't get to those pages. Total loss of data.
All due respect to the nuanced interpretation of "admin" to be about back-end and whatnot. Frankly, that's a cop-out for missing functionality that is 100% required to effectively administer Confluence.
For many of the pages in this space, the steps above work perfectly. I can get to the Information screen and update permissions so that I can see it. For some pages, though, when I click the padlock on the Restricted Pages screen, I just get this message:
This is because it's inheriting restrictions from a parent page. A space admin or the person who shared this page may be able to give you access.
The problem is that I have no idea where this page sits in our 10+ level-deep hierarchy, so I can't trace back to see where the permissions originate. I am a space admin, so I can see any unrestricted page, but somewhere there is a restricted page with sub-pages that I can't get to.
Even on the server version, page restrictions can be frustrating to deal with and I would always advise that people avoid using them unless you have a specific and deliberate purpose in mind (versus using them in an ad hoc fashion).
In the situation Joe is describing, where you as admin don't have access to a page, the child pages that inherit those permissions won't appear in the list of restricted page in Space Admin - it will only show the parent page and the page information for that parent page will only show the immediate child pages.
Personally, I would contact Atlassian Support for help in this situation.
The fact that you actually can MAKE CHANGES TO A SPACE THAT RESTRICTS YOU FROM SEEING - is your Admin Right privileges even though you were restricted initially.
While the same privilege is not available for non-admin users - they may not be able to see contents of restricted space AND also not able to do anything about it but ask an admin user :-).
Thank god that atleast SPACES are not HIDDEN :p - that would be a different situation altogether haha.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs