How to Work with Sensitive Data in Confluence

September 4, 2019
#Confluence#Case Study#How To
6 min
count lines of code in Bitbucket

Today we continue to browse the Atlassian Community and help its members to adjust Confluence to their needs. In our previous blog post, we answered several questions related to Confluence templates. This article will cover all the tricky cases that you can face while working with page restrictions in Confluence.

How to protect sensitive data from unauthorized access

Imagine that your company uses Confluence to create multiple documents. Some data (for example, shared passwords, salary account details, etc.) is confidential and shouldn’t be available to everybody.

You’ve heard that Confluence allows you to restrict certain users from viewing single pages. So, you are determined to hide your new page from everybody but your colleague Erin Lee.

How do page restrictions work?

Page restrictions allow you to prevent certain users or groups from viewing or editing pages. If you can’t view a page, than you won’t find it in the page tree. If you can’t edit a page, than you won’t see the “Edit” button.

View restrictions are inherited: a restriction applied to one page will cascade down to its child pages. You can always check the restrictions dialog to see if there are any inherited restrictions that might affect who can view your page.

Edit restrictions are not inherited and should be applied manually to every single page.

How to request access to a restricted page?

You can request permission to view a restricted page if somebody shares it with you or you go to the page directly via a URL. In Confluence versions up to 6.7, the last editor of the page will be notified about your request. If you are using newer Confluence versions, up to five users with the ability to grant access permissions will get this notification.

There are some cases when the request access message doesn’t appear:

  • The page has inherited view restrictions from a parent page.
  • You don’t have the permission to view this space.
  • Your Confluence instance doesn’t have a mail server set up, so your request can’t be sent any further.

What permissions do you need to apply page restrictions?

To add or remove page restrictions, you need to have both the Add pages and Restrictions permissions that can be assigned to you by the space administrator. If you have the Spaсe admin permission yourself, you can easily work with page restrictions.

Can you hide pages from administrators?

The short answer is “no”.

There are two categories of users that can view all the pages in your Confluence instance, regardless of space permissions or page restrictions:

  • the System administrator;
  • members of the default confluence-administrators group. Generally, your Confluence administrators belong to this group.

Note that space administrators can remove page restrictions and view the content of all pages in their space.

Time to practice

As you’ve learned the basics, let’s return to your task. Imagine that you need to develop a new secret project related to biscuits and their production. Only you and your colleague Erin Lee will have access to the corresponding page. Here it is – look how attractive your content is. The required information is structured and visualized with the help of different Confluence macros, so feel free to use them while creating your own real-life documents.

All you have to do is to set the required page restrictions.

Now only you and Erin can access the “Biscuits” page, but it will just disappear for your other colleagues.

Take our Quick Start with Confluence Training Course

If you want to boost your productivity in Confluence, create well-organized and attractive pages, cope with everyday issues and routine tasks more effectively, watch our free Quick Start with Confluence training course. Follow our tutorials and learn more about the most common real-life use cases.