Atlassian Confluence How To

Unravelling the Mystery of Confluence-Administrators Group

We continue our blog series for Confluence users and administrators.

If you are here for the first time, you can check our post featuring several useful resources to consider when looking for the best way to learn Confluence essentials. And if you deal with space administration in Confluence, you can learn about a cool hack to make your space read-only in one click.

Today we will dig deeper into Confluence permission management. You will discover why members of confluence-administrators group are also known as super users.

We will show you how users with different permission sets manage the same situation when they need to view the restricted page:

  • Space administrator vs restricted content.
  • System administrator vs restricted content.
  • Confluence-administrators group vs restricted content.

So let’s unravel the mystery of confluence-administrators group.

Confluence super users

Confluence recognizes two types of administrator:

  • System administrator that has the complete control of all administrative functions.
  • Confluence administrator that can manage users and groups.

The confluence-administrators group is a default group with both system administrator and confluence administrator permissions you can’t change in the administration console. So it means that the members of this group are super users.

System administration is their job that’s why they must have access to all parts of the system. By default they don’t have the ability to see the restricted content and do anything with it. However, they can grant themselves any permission they need.

We will tell you more about one of the default permissions that is not so evident for Confluence users and might be not fully explored by the members of confluence-administrators group. Let’s see how it works.

Issue overview

For example, John Smith who was a member of sales department is no longer working in the company. John was also a space administrator of the space called Sales&Marketing.

The head of sales department is another space administrator of Sales&Marketing. She knows that John should have prepared one more report on smartphone sales. However, she doesn’t see this report. So she wants to check if there is any restricted content in this space.

Space administrator vs restricted content

She opens the space settings clicking the Space tools tab in the bottom left corner of the screen. She needs to choose the Permissions tab. After that she opens the tab called Restricted Pages. When she tries to open the restricted page, Confluence informs her that she doesn’t have permission to view it.

But actually she can open the restricted page. For that purpose she needs to return to the Restricted Pages tab and click the unlocked padlock icon in the View line. The padlock icon in the Edit line will again redirect her to the page she saw before.

Confluence redirects her to the page information. To view the content she needs to click the View Page button.

Here is the report on smartphone sales!

This way the space administrator automatically removes all restrictions.

System administrator vs restricted content

Now let’s check how the system administrator solves the problem with the restricted content.

In this case a person from the management team doesn’t have space administrator permissions. So the management team asks the system administrator to check the content.

We will show you the example when the system administrator is not a member of any group in Confluence. She has all administrative functions as a separate user. The confluence-administrators group has the same permissions.

The first thing she needs to do is to grant herself the space permissions. She opens the Space permissions tab of the administrative console and clicks the Recover Permissions button in front of the required space.

After that she can manage the space permissions. She opens the Restricted Pages tab in the space tools and performs the same manipulations as the space administrator did.

This means that the system administrator also automatically makes the restricted content available for everyone.

Confluence-administrators group vs restricted content

OK, now let’s see the restricted content through the eyes of the super user. The management team asks the Confluence administrator to check if there is a report on smartphone sales in the space Sales&Marketing.

The Confluence administrator is a member of confluence-administrators group that can view absolutely all content in Confluence in the page tree of any space. However, when users create pages and set viewing restrictions the members of confluence-administrator won’t see this page in the updates on the dashboard.

Now let’s get back to the issue. Of course, in this case the Confluence administrator can open the space tools and act like we have already described.

But he sees all restricted pages right in the space. So he opens the space content and finds the restricted page called Smartphone sales 2016 in the page tree.

He clicks the padlock icon to check the restrictions applied to this page.

When John created this page, he wanted to be the only viewer and editor of this document. Andrew is a super user and can grant himself or any other user permission to view and edit the page.

So in this particular case he chooses No restrictions, clicks Apply, and reloads the page. After that the head of sales department and other users from the sales-dept group have access to this page.

Resume

Now you know that space administrators and system administrators can remove all page restrictions using the Restricted Pages tab.

All members of confluence-administrators group can view restricted pages by default with no need to open the space tools. They can grant permissions to certain users if required, unlike space administrators and system administrators.

So this feature can be useful when an employee leaves the company and your management team needs to find and change the restrictions left behind.

If you want to learn more Confluence tips and hacks, subscribe for email notifications about new posts in our blog (enter your email in the ‘Newsletter’ section on the sidebar).

If you have any questions, feel free to comment on this blog post.