Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to set different different permissions within a large organisation easily?

I would like to setup a wiki for my team using confluence.

This needs to be internal only and therefore private. I would like members of my team to have editing rights, but all members of the organisation to have read rights.

Is this easily done considering the organisation is large? I have seen in other forum posts that users may need to be added individually, which is not an option here.



2 answers

We use a plugin called „Custom Space User Management (CSUM)“. It does two things. First it helps us to keep naming conventions for groups. Second it moves user management to the spaces. So space administrators can add or remove (existing) users from their spaces. 

Our naming convention is as follows:

For system access we have three groups

__conf-admin, __conf-user and __conf-user-ext. These groups decide whether a uses can login or not (member of __conf-user or __conf-user-ext). The difference is only if a user is an internal employee or an external partner. Users in __conf-admin have administrativ rights on system level. All (except a hand full of test users) user accounts actually are imported via LDAP. So we do not have to create users manually. In this level the group names start with double underscores. 

Then we have a second level. The space users. Each space has at least two groups starting with one underscore followed by the space key and closed by the “role” users have in this space. So we have a group _xxx-sa for space administrators and a group _xxx-se for space editors. Optionally there can be more groups like _xxx-manager or _xxx-finance. These additional groups are used for page restrictions only. The permission scheme of each space looks completely identical _xxx-se can read, write, delete stuff. _xxx-sa can the same as _xxx-se plus admin and export. All other (optional) groups can just read. Now that we have our groups we put users to these groups. At least one administrator (better two for redundancy) and many editors. This works quiet well for us. Then we train our space administrators how to add and remove users from their space using CSUM. As a system admin I only need to get involved when a user without a valid license should be added to one of the spaces. Then I just put this user into one of the __conf-xx groups. Done. 

CSUM ensures that the naming convention is kept and that space administrators can only modify groups that belong to their spaces. 

When you use Jira and Confluence together you can do it even better. Attach Jira to your LDAP to retrieve all user accounts. Then attach Confluence to the Jira embedded CROWD server. Now you have a common user base for both systems. With CSUM you can manage all groups in Confluence but use them in Jira also. So you can use _xxx-se in a Jira project put it in the role of a project user. When you stick to the principle one space one project, user administration works like a charm. 

0 votes

Hi @David Boulton 

welcome to this wonderful community!

Are you using cloud or server version of confluence? If you're running on-prem it's pretty easy to give different access options.

Please have a look on global permission and also space permissions. When you add all your team members to one group (e.g. confluence-users) you can give them writing permissions for spaces or even just for some sites.

For the rest of your company you can open your system for anonymous access (see global permission again).


Hope this could help you! Feel free to ask for more help.

Thanks a lot Fabienne. This answers my question well.

Like Fabienne Gerhard likes this

You're most welcome @David Boulton ! Please feel free to ask for further help if needed.

If my answer helped, you can also click on 'Accept answer' to help other people who browse for help to find it.

Thanks in advance

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence Cloud

🎨 Add some visual life to your templates

Hi Atlassian Community, My name is Avni Barman, and I am a Product Manager on the Confluence Cloud team. Based on feedback from you, we are giving admins more power to create templates that a...

75 views 1 1
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you