how can I give view access to somebody only on a specific leaf page in my space?

This question is in reference to Atlassian Documentation: Page Restrictions

I want a user to see only one page in my space. That page is part of a  hierarchy of pages. Now: how can I restrict access higher in the parent hierarchy and still give access (because inherited access rights are always blocking access, even when I give specific access on the leaf page). 

 

I believe this system is rather problematic: it should be possible to restrict access higher in the tree, and give specific access lower.

6 answers

1 accepted

1 vote
Accepted answer
Thomas Schlegel Community Champion Mar 20, 2017

Hi Ronny, 

simple answer: you can't. No way. This was discussed a lot of time here in answers.

The only thing that might work is to put this page directly under the home page of the space and restrict all the other pages that are directly under the home page to the rest of your people.

But this is a hell of administration and very insecure. You have to restrict every single new top page of your space and never forget that...

So, I won't do that, if I could avoid it.

You are right Thomas. Not only it is bad, but stupid as well, because I would create more accounts for my partners, which can be monetized by atlassian.  Thank you your reply,. mu

I'm on board that it's a flaw in the design...

Here is my work-around, it's a pain sometimes but it works.  

I created a Generalized Space to house information for specific viewers and assign permissions for specific page views.  

Can you elaborate, please? I didn't understand your approach. I have same problem.

I also judge this way of "permission management" as insufficient. It equals the general rule for each space: "everything is allowed except for what is forbidden", i.e. a classical black list approach. For security reasons, we would prefer "everything is forbidden except for what is allowed", i.e. classical white list approach.

Is there a feature request that I can vote on to provide this feature?

I would propose to be able to switch per space between the black and white list approach. It would be ok, if a leaf page is marked as "allowed" for a user, that all the parent and grandparent etc. of this leaf in this space are automatically also "allowed", but no sisters, brothers, cousins, etc. ... in particular new sites shouldn't be accessible in whatever way by this user.

Insane :)

Maybe if you use the Include page macro on a page the user has rights to see, in that space, or a public space? I think that the Include Page macro only looks at the permissions of the source page, not its parents.

If it works, you can leave the leaf page where it is, and have a mirror of the page elsewhere, possibly a public space.

OR you have to turn the problem around, and have the source page in a public area, and then include into your private hierarchy. Yes, it is a bit cumbersome, but you only have the content controlled in one location. And if they are in separate spaces, you can keep your space secure.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 24, 2018 in Confluence

Atlassian Research opportunity with Confluence templates

Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time!   We're looking for people to participate in a   remote 1-hr workshop...

1,035 views 15 13
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you