Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence access for new user - Can log in, but gets "Not Permitted" when switching to confluence

Richard Boaz
Richard Boaz May 12, 2014

Looking around, I've seen this problem variously discussed and solved for both the installed and on-line versions. However, none point me to getting my version of the problem fixed.

Implementation Details:

  • I have subscriptions to Jira and Confluence apps only
  • I have created a new user: access is allowed only to Confluence app
  • I have created a new group and placed the new user into it
  • I have permissioned the group for access to specific spaces only

Problem Description:

When user logs in, the following observations, actions, symptoms and problems:

  • User is able to log in
  • Presented with Jira dashboard (even though user is not permissioned for Jira)
  • Selects Confluence
  • Receives message "Administration / Users \n Not Permitted \n You are not permitted to perform this operation"

What I tried:

  • re-indexing: no effect
  • Permissioning user also for Jira access: no effect
  • Chaging default applications for group to include Jira: no effect
  • googling all over, searching atlassian answers, etc: no effect

So, what's wrong with the above? How do I simply create a new user, add them to a new group, and successfully give them access to confluence?

Any and all help appreciated,

regards,

richard

Answer
Watch
Like Be the first to like this
10902 views

4 answers

2 votes
Alice
Alice September 22, 2016
  1. Under Confluence Administration, select General configuration
  2. Go to Global permissions and select Edit permissions
  3. In order to give a group browsing rights, under the Groups heading, search for the group.
  4. Click on Add to add the group. Leave Can use ticked. Grant other rights accordingly.
  5. In order to give a user browsing rights, under the Individual users heading, search for the user
  6. Click on Add to add the individual user. Leave Can use ticked. Grant other rights accordingly.
  7. Click on Save all to save your changes
  8. Note that the group or user must also be accorded rights in a space in order to see any content.
View More Comments
Akash Dubey
Akash Dubey January 24, 2018

Hi Alice,

I am facing the exact same problem that Richard faced. By adding a user to the Global Permissions page/list, we provide him/her access to all spaces. That's not what we want.

We have synced up the users through Active Directory, which includes contractors. We would like to give them access to certain spaces, not the entire site (all spaces). How do we achieve that?

Any help would be appreciated!

Cheers,

Akash

Like
Speedline
SpeedLine November 21, 2018

Alice's comment was very helpful. The "all staff" group we have doesn't have global permission, only specific department groups. A new group was created and assigned space permissions, but couldn't actually navigate anywhere after logging in because of the lack of global permissions for that new group.

Like
Reply
0 votes
Hiten
Hiten July 31, 2018

Hi All 

i am also having the same issue.

All our users are sync'd via LDAP but we want to provide and external user access to a particular space.

i have created the user and they can log in but get the "Not Permitted" page. 

i have tried various ways from adding individual permissions to the space as well as adding group permissions to the space. the only way to get it to work is to either add the group or individual to the global permissions but this then gives access to all spaces 

View More Comments
Hiten
Hiten August 9, 2018

Just an update

I was able to resolve this issue via the global permissions section

Like
Noni Khutane
Noni Khutane October 15, 2018

What exactly did you do?

Like
Hiten
Hiten October 15, 2018

Hi Noni,

Just to give you some detail on what our request was in case it's slightly different to yours.

I wanted to set up access to certain spaces for external users such as companies we are working with, contractors etc. I did not want to open up access to any of our other spaces as these hold confidential data.

Firstly I created a group called "External users" then under Global Permissions I added this group giving on "Can use" access and disabled access for Personal Space, Create Space, Confluence Admin, System Admin

Then I set the permissions on the space its self via Space Tools where you can set what the external users are allowed to do.

Finally, I invited the user and made sure they were only part of the group I had created.

 

Basically creating the group and applying the global permissions allow the user to log in and use confluence, they space tools permissions allow the user access to that particular space.

 

hope this all makes sense

Like
Christian Schild
Christian Schild July 1, 2019

Hey all,

I'm having a similar issue with confluence server and I can confirm that it is solvable but adding appropriate Global Permissions ("can use"-only).

My concern is, that this will use up a license. Can you/someone confirm that?

Which means, that by giving probably a whole bunch of users just browsing access (no editing possible!) it will burn up my licenses? Is that on purpose?

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 1, 2019

Yes, each account that can log in counts towards your usage.  Because they're using it.

Like
Christian Schild
Christian Schild July 1, 2019

Well, yes, I see you point and I'm fine with that.

It's just, we have accounts in LDAP/AD, that I don't want to use it, but they are able to authenticate. I'd strip them of every permissions within confluence, but they are still able to log on and in doing so, they only see an error screen and get two buttons they can't use either.

I'd prefer that those users without "can use" permissions would be treated at least the same as anonymous users and not to get completely blinded. 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 1, 2019

If you've removed all their permissions, then they should get permission errors when doing almost anything.  You need to add them to the same permissions that you've granted anonymous to.

Like
Reply
0 votes
Richard Boaz
Richard Boaz May 13, 2014

Okay, I'm getting farther, but still am a bit confused about the underlying philosophy here and would like some further pointers where possible.

But first, what I did to get this working:

  • Originally I had the user defined as a member of a single group, which was not the group 'users'
  • Added this user to the 'users' group and everything now works as expected, login- and access-wise

However, what this means is that this individual user now has access to all of the Confluence spaces since by default, all spaces allow access to the group 'users'.

So I'm really confused as to how one goes about making one-to-one permissioning schemes between individual users and individual confluence spaces.

The way I currently understand it then, in order to achieve what I'd like, I need to:

  • Add any new individual user to group 'users', otherwise they can't access Confluence
  • Then, if I want to give them access to only a single Confluence space, I need to remove group 'users' from all other spaces, remembering to do this for every new space that gets created since this access is provided at creation of a new space.

Obviously I'd prefer a different method than to have to re-configure group access for all spaces (not fully knowing the broader implications of this before-hand).

Is there something I'm missing preventing me from doing this in a straight-forward manner?

All advice appreciated.

regards,

richard

Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 12, 2014

Check the groups enabled for "Browse" in "Global permissions" in Jira.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events