Is there a way to secure documents in confluence to prevent someone from viewing or downloading the document? We would like to secure a page/space and the attachments on that page but still allow others to have access to other pages on that site. We have an HR space where HR keeps general content for the company (tavel, 401k, etc) They also want to keep performance reviews on their space for managers to keep track of their employees (they upload the reviews as doc). We can restrict the page, but the site also has the 'attachments' page and we can see the documents. Any way to lock this down or suggestions on a way to secure this content?
You can set space permissions that will apply to the whole space, and/or you can set specific page restrictions that will only apply to one page. Page restrictions include the attachments, so if (for example) you created an "HR Group" of users, and only gave that Group view permissions to a page, only they could see the page and attachments. You can read more about page restrictions here.
I should have been more specific, the challenge is that the Confluence Admin still has Super User rights to view anything in Confluence. There seems to be no way of granting of admin rights that would be granular enough to flexibly disallow the Confluence Admin from viewing a secure Space.
If you set a parent page to have certain people in the Page View Restrictions but exclude the Space Admin person, I am almost 100% certain that even the admin person can't see the content - they might be able to see the page exists but not the actual page.It is simple to check on a test page in your space. Let me know if my understanding is wrong.
There are 2 types of admin: Confluence admins, who administer the ins and outs of Confluence, and site admins, who administer all of your Atlassian products and, most importantly for your question, deal with user management. You can also have, for example, JIRA admins who administer JIRA but not Confluence. But site admins are the only ones with user management privileges for your Atlassian instance, no matter what Atlassian products you have.
Confluence admins and site admins are both members of the admin group. Site admins are also members of the site-admin group. Only members of the site-admin group can access user management. (The reason for explaining this will become clearer later on.)
By default, every new space gives standard view and edit privileges to the confluence-users group (the default group that every user is automatically put into when their Confluence account is created) and space admin privileges to the admin group.
To resolve your problem:
This will allow only members of the secure group to view the space, and only the selected people (or admin group) to whom you've given admin privileges to administer the space.
This is where you'll have a problem: Site administrators won't be able to access the space through normal methods, i.e. they won't be able to see it in the space directory, and if they follow a link to it they'll be blocked from viewing it. But site administrators can go into user management and log in as any user they want. This is to allow them to trouble shoot problems, or - a very common use - remove permissions from spaces and pages that have been applied by users who've left. They can also see and manage permissions for all spaces from a central console. This is absolutely standard, normal admin functionality for an enterprise application. The site admins should be people with high levels of infosec knowledge, and very trustworthy. Otherwise, why are they allowed to have that level of power? You probably only have a very small number of site-admins, and if they're part of your IT team they can already access everyone's email, computers, shared drives and so on. Realistically, it's not possible to create a space that a site-admin can't find some way of getting into if they really wanted, because if necessary they could contact Atlassian and ask them to amend the permissions. But that's their job
Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time! We're looking for people to participate in a remote 1-hr workshop...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs