How to Hide Content on a Page in Atlassian Confluence

November 20, 2018
#How To#Confluence
6 min

Confluence has proved to be one of the leading software for team collaboration and content management. This platform is a perfect combination of a document storage and wiki site where all team members can easily create, review, update, and share content. Various sets of permissions and restrictions help you differentiate access to sensitive information thereby taking your business to the next level.

Today, we continue our blog post series that highlights permission and security tips and tricks for Confluence users.

It’s easy to get lost in tons of documentation, searching for the information you need right away. That’s why we prepared our pick of the most useful topics that will help you quickly answer the following Confluence administration questions:

We’ve chosen the top-rated apps from the most reliable Atlassian vendors that will help you boost your Confluence administration skills. We’ve already told you about the SU for Confluence app from The Plugin People. It allows you to quickly access account of any Confluence user and troubleshoot their problems easier with no need to log out.

In this blog post, we’ll show you how to easily and securely share and collaborate on sensitive data right on Confluence pages with public access.

What’s the problem?

As you may know, a page is the smallest unit in Confluence. You can apply page restrictions to control groups and/or users who can access your content. But there are a lot of use cases when you need to store some sensitive information (passwords or salary accounts, for example) alongside with common information (instructions or tech specs). Of course, you can create several pages with different sets of permissions to secure your data. But in this case you risk to overpopulate your space with multiple pages and get in a muddle setting page restrictions. You may also face the following situations:

  1. If someone captures your active browser session, he or she will be able to access all the information in your Confluence account.
  2. Keep in mind that your system administrator has access to everything in Confluence.

You can use a simple and trustworthy solution from ServiceRocket, the Security and Encryption for Confluence app. This add-on provides you with a special Secure macro that helps you store your sensitive content inside its body.

Let’s check how this macro solves the problems mentioned above.

Security and Encryption

Imagine that you need to create a secret entry for a password. Only you, as the creator of the Secure Macro, and your company’s senior manager Smith Wesson should see it.

As you can see in the picture, you can easily choose users or groups that can view secret information.

Security and Encryption Macro

But the chosen users won’t get access to your sensitive information immediately after they log in to Confluence. They will be prompted to enter their Confluence password to decrypt the information.

 Security and Encryption Password to decrypt

It is obvious that the system administrator can still view everything. However, you can open the Audit Log with the list of users that viewed the encrypted information.

Among some other handy features of the Security and Encryption app are the following:

  • If you aren’t allowed to decrypt sensitive information, you can request access. Confluence will send the request notification to the owner of the Secure Macro. The owner may edit the Secure Macro and change permissions.
  • If the user account of the owner of the Secure Macro no longer exists, system or Confluence administrators have default access to this macro in the page edit mode. The app records all the actions to the Audit Log.
  • You can set your personal display timeout that is used every time you view the Secure Macro. This setting will be applied to all Secure Macros in your Confluence instance.

Continue learning

Installation of additional apps related to permission and security management empowers Confluence with new capabilities that its internal Confluence settings may lack. Take our free ‘Advanced Permission and Security Management in Atlassian Confluence’ course to learn about other apps that will add missing features to your Confluence instance.

Is Something Wrong with Permissions? Switch User!

November 6, 2018
#How To#Confluence
6 min

Confluence is a handy tool for team collaboration due to its flexible system of permissions and restrictions which can be applied to every piece of your content.

We’ve already covered some life-hacks related to the settings of permission management in Confluence in our recent blog posts:

Today we start a new blog post series featuring the most useful Confluence apps that help you master your Confluence permission and security management skills. We’ll cover some of the top apps from the Atlassian Marketplace.

In this blog post, you will learn about the SU for Confluence app that helps administrators quickly troubleshoot issues their users have. Check out why this app may come in handy for your Confluence instance.

Common issue

As a system or Confluence administrator you deal with a lot of issues your users report:

  • restricted access to some Confluence pages;
  • error messages during some operations;
  • problems with Confluence macros, and more.

Moreover, sometimes users can’t explain what exactly is wrong.

Besides different user issues, a significant part of the administrator job is to create new user accounts or update somebody’s permissions. You are always check if everything is configured in a proper way.

You can’t deny that it is always better to see the issue yourself, fix it and verify that everything works just fine after your manipulations. But here comes the problem: you need to log in to a user account constantly. It appears to be time consuming and rather annoying. Besides you need to ask for a user password. Obviously, it isn’t good for the security policy. Of course, you may reset a user password but it’ll prevent him or her from using Confluence until everything is done.

For such cases we recommend you to use the SU for Confluence app from The Plugin People. It allows you to quickly access account of any Confluence user and effectively troubleshoot their problems with no need to log out. You can just see everything as the user does but you don’t need to ask for or reset a user password.

Let’s see how it works.

The SU for Confluence app

The name of the app reminds us of the UNIX or Linux Switch User command with a similar function. And it is not a coincidence.

You can easily trigger the SU inline dialog:

  • Use the g+u shortcut on any page and choose the required user.

  • Open the administration console and click the SU button in the Users tab.

  • Enter the SU mode in the user details tab.

By default only system administrator can switch user accounts. But you can grant access to Confluence administrator and specify other user groups that need the SU permission. Make sure to grant permissions to the trusted and competent users.

Sometimes it can happen that one user can see more content (spaces or pages) while he or she is taking on the identity of another user. But, of course, anyone with the SU capability (even Confluence administrators) can’t switch to the account of system administrator. If you have several Confluence administrators, they can easily switch to each other’s accounts as they share the same level of permissions.

The SU for Confluence app also allows you to find out who and when switched to this or that user.

Time to learn more!

This blog post is only the tip of the iceberg called Permission and Security Management in Confluence. For more details about internal Confluence settings and additional apps to empower Confluence permission management, we suggest you taking our free ‘Advanced Permission and Security Management in Atlassian Confluence’ training course! This course will be useful for novice Confluence administrators and power users who want to get a promotion and become Confluence administrators themselves.

Hidden Anonyms and Oblivious Admins in Atlassian Confluence

October 23, 2018
#How To#Confluence
6 min

Confluence is an all-in-one collaboration hub that a lot of companies all over the world consider a must-have tool for teamwork. Confluence allows you to create and edit documents, share plans, use task lists, form your own knowledge base for the teammates and customers. Confluence is also a perfect place for discussions, reviews, and feedback.

So we continue our blog post series that can help you gain the insight about the inner workings of Confluence administration. This blog post as well as the posts listed below will be useful both for novice Confluence administrators and power users who want to become administrators themselves.

Today we will show you some Confluence magic. We are ready to perform a trick with anonymous users in Confluence.

Tricky issue

Assume you are a new Confluence administrator and your first task is to understand why some users can view and comment the spaces they do not have access to.

Your colleague, Molly Gibney, works in the HR department of your company and has no access to the Sweet Factory space. But the managers were surprised to find a lot of her comments in this space.

First and foremost, you have to check how this issue looks like in the space your colleagues are talking about.

confluence restrictions

As you can see, Molly Gibney can easily comment the pages in the Sweet Factory space.

Your second thought is that the previous administrator has accidentally added Molly to an inappropriate user group. You know that your company’s managers and engineers use this space for their current projects. So you navigate to the User Management tab.

confluence restrictions

But everything seems okay there: Molly Gibney belongs to the ‘confluence-users’ and ‘hr’ groups.

The next idea is that the problem is somewhere at the space level. Maybe there was a mistake while allocating group and individual permissions for the ‘Sweet Factory’ space.

confluence restrictions

You open the space tools tab and see that all the permissions for the groups and individual users are allocated correctly.

Now you have the last thing to check. If Molly has the System administrator permission at the global level, then everything is clear.

confluence restrictions

You happily navigate to the Global Permissions to find out that Molly Gibney has no individual permissions. And she is definitely not a member of the ‘confluence-administrators’ group (you’ve already checked it).

What is it then? Magic?

Unravelling the mystery

If you think that the situation described above is a ‘bug’ and you need to contact Atlassian support, it is not the case. It is a so-called trick with anonymous users. If you disable anonymous access in Global Permissions but leave public access to the space enabled, anonymous users will not access the space but logged-in users without proper permissions will.

If you check the previous screenshot with the Global Permissions tab once more, you’ll see that anonymous access is disabled globally. But if you return to the Space Permissions tab, you’ll see the following picture.

space permissions in Confluence

So all you need to do to solve the problem is to disable anonymous access at the space level.

We illustrated the concept of anonymous access in Confluence for you to have a better understanding of how this works.

anonymous access in Confluence

Time to learn even more!

We showed you only a small part of what you can do in Confluence. To broaden your knowledge, check out our brand new (and free!) ‘Advanced Permission and Security Management in Atlassian Confluence’ training course for Confluence administrators.

This training course highlights the best practices and useful tricks of Confluence permission and security management. You will learn how to get started using tools that Confluence offers out of the box and discover the most popular apps that will help you power up your Confluence.

Tricky Restrictions or Useful Tips For a Novice Confluence Administrator

October 9, 2018
#How To#Confluence
7 min

Confluence is a wiki software that has proved to be one of the leading solutions for team collaboration on the market. Often used by technical teams, this powerful tool allows you to create product documentation, share tech specs, create various task lists, and engage your colleagues in active discussions of your content. Moreover, Confluence integrates tightly with other Atlassian products to gear up your business process to an advanced level.

We continue our blog post series related to some tricky and non-obvious moments of Confluence permission management. We have already showed you what to do if you are a newbie and eager to master Confluence as well as revealed some tricky but useful tips:

In this blog post, you will discover how to troubleshoot a common problem with page restrictions.

Issue overview

Assume you are a novice Confluence administrator in a large company. Your colleagues from the technical department complain they do not have access to the Bubble Gumball and Lollipops with Chewing Gum pages in the Sweet Factory space.

space restrictions in Confluence

You know that this space is a working place for the management department. But two month ago they worked on the project together with the engineers from the technical department and ‘opened’ several pages for them. At first everything was just fine but now these new pages of the Sweet Factory space are not visible to the engineers. You need to solve the problem.

Solution

In dealing with such cases it is important to move from the upper levels of the permission hierarchy to the lower ones: from global permissions to space permissions and, finally, page restrictions.

At the global level we can see that the ‘confluence-users’ group has the ‘Can Use’ permission. We know that all company employees belong to this default group (including engineers). But this permission is about logging in to Confluence and not about access to the certain pages of a certain space. So let’s move further.

space restrictions in Confluence

At the space level we can see that the ‘engineers’ group has the ‘Can View’ permission. It allows you to access the entire space not separate Confluence pages. So it’s not our case.

space restrictions in Confluence

Our problem is related to page restrictions. Page restrictions help you lock any pages within a space. This means that you can easily choose groups and users that can view or edit the page. Unlisted groups or users won’t have such capability.

And here is a tricky moment: view restrictions are inherited. If any group or user can’t see the certain page, make sure that there is no view restriction at a higher level of the page tree hierarchy.

space restrictions in Confluence

We have the following situation:

  • The managers created the pages Chocolate and Caramel and restricted access to them with the help of view restrictions.
  • The managers created the pages Gum and Jelly Beans without restrictions.
  • Soon the managers populated these branches with several child pages.

Such pages as Bubble Gumball or Lollipops with Chewing Gum are related to the Gum project that remains available for the technical department. But the managers created them under the parent page called Caramel. They didn’t apply any restrictions and thought that these pages were accessible to everybody.

But we can see that there are inherited view restrictions from the parent Caramel page.

space restrictions in Confluence

There are two simple ways to solve the problem:

  1. Remove restrictions from the parent Caramel page. But be aware that in this case the technical department will be able to access the Caramel and Lollipops pages as well.
  2. Move the Bubble Gumball and Lollipops with Chewing Gum pages to the non-restricted Gum branch.

space restrictions in Confluence

Time to learn more!

You may think that everything about Confluence permissions is easy and understandable. And it is so if you read blog posts like this with short clear explanations and descriptive screen shots. But in real life, as a Confluence administrator, you’ll have to deal with a bunch of different issues simultaneously. Especially when your Confluence instance has hundreds of spaces with thousands of pages.

Now you have a perfect way to successfully get started with Confluence – welcome to our free ‘Advanced Permission and Security Management in Atlassian Confluence’ training course!

Our new training course is related to the permission management in Confluence. It will be useful for novice and active Confluence administrators, for Space administrators and power-users who want to become administrators themselves.

Unravelling the Mystery of Confluence-Administrators Group

December 8, 2017
#How To#Confluence
8 min

We continue our blog series for Confluence users and administrators.

If you are here for the first time, you can check our post featuring several useful resources to consider when looking for the best way to learn Confluence essentials. And if you deal with space administration in Confluence, you can learn about a cool hack to make your space read-only in one click.

Today we will dig deeper into Confluence permission management. You will discover why members of confluence-administrators group are also known as super users.

We will show you how users with different permission sets manage the same situation when they need to view the restricted page:

  • Space administrator vs restricted content.
  • System administrator vs restricted content.
  • Confluence-administrators group vs restricted content.

So let’s unravel the mystery of confluence-administrators group.

Confluence super users

Confluence recognizes two types of administrator:

  • System administrator that has the complete control of all administrative functions.
  • Confluence administrator that can manage users and groups.

The confluence-administrators group is a default group with both system administrator and confluence administrator permissions you can’t change in the administration console. So it means that the members of this group are super users.

System administration is their job that’s why they must have access to all parts of the system. By default they don’t have the ability to see the restricted content and do anything with it. However, they can grant themselves any permission they need.

We will tell you more about one of the default permissions that is not so evident for Confluence users and might be not fully explored by the members of confluence-administrators group. Let’s see how it works.

Issue overview

For example, John Smith who was a member of sales department is no longer working in the company. John was also a space administrator of the space called Sales&Marketing.

The head of sales department is another space administrator of Sales&Marketing. She knows that John should have prepared one more report on smartphone sales. However, she doesn’t see this report. So she wants to check if there is any restricted content in this space.

Space administrator vs restricted content

She opens the space settings clicking the Space tools tab in the bottom left corner of the screen. She needs to choose the Permissions tab. After that she opens the tab called Restricted Pages. When she tries to open the restricted page, Confluence informs her that she doesn’t have permission to view it.

But actually she can open the restricted page. For that purpose she needs to return to the Restricted Pages tab and click the unlocked padlock icon in the View line. The padlock icon in the Edit line will again redirect her to the page she saw before.

Confluence redirects her to the page information. To view the content she needs to click the View Page button.

Here is the report on smartphone sales!

This way the space administrator automatically removes all restrictions.

System administrator vs restricted content

Now let’s check how the system administrator solves the problem with the restricted content.

In this case a person from the management team doesn’t have space administrator permissions. So the management team asks the system administrator to check the content.

We will show you the example when the system administrator is not a member of any group in Confluence. She has all administrative functions as a separate user. The confluence-administrators group has the same permissions.

The first thing she needs to do is to grant herself the space permissions. She opens the Space permissions tab of the administrative console and clicks the Recover Permissions button in front of the required space.

After that she can manage the space permissions. She opens the Restricted Pages tab in the space tools and performs the same manipulations as the space administrator did.

This means that the system administrator also automatically makes the restricted content available for everyone.

Confluence-administrators group vs restricted content

OK, now let’s see the restricted content through the eyes of the super user. The management team asks the Confluence administrator to check if there is a report on smartphone sales in the space Sales&Marketing.

The Confluence administrator is a member of confluence-administrators group that can view absolutely all content in Confluence in the page tree of any space. However, when users create pages and set viewing restrictions the members of confluence-administrator won’t see this page in the updates on the dashboard.

Now let’s get back to the issue. Of course, in this case the Confluence administrator can open the space tools and act like we have already described.

But he sees all restricted pages right in the space. So he opens the space content and finds the restricted page called Smartphone sales 2016 in the page tree.

He clicks the padlock icon to check the restrictions applied to this page.

When John created this page, he wanted to be the only viewer and editor of this document. Andrew is a super user and can grant himself or any other user permission to view and edit the page.

So in this particular case he chooses No restrictions, clicks Apply, and reloads the page. After that the head of sales department and other users from the sales-dept group have access to this page.

Resume

Now you know that space administrators and system administrators can remove all page restrictions using the Restricted Pages tab.

All members of confluence-administrators group can view restricted pages by default with no need to open the space tools. They can grant permissions to certain users if required, unlike space administrators and system administrators.

So this feature can be useful when an employee leaves the company and your management team needs to find and change the restrictions left behind.

If you want to learn more Confluence tips and hacks, subscribe for email notifications about new posts in our blog (enter your email in the ‘Newsletter’ section on the sidebar).

If you have any questions, feel free to comment on this blog post.

A Useful Hack to Quickly Make Your Confluence Space Read-Only

August 18, 2017
#How To#Confluence
5 min

Confluence became today’s way to keep your information all in one place, share ideas, and take decisions together with your team. It is getting more and more popular among modern enterprises all over the world. The more team members in your company use it, the more profit you receive. Because Confluence facilitates collaboration and knowledge sharing across the entire organization.

Companies use Confluence for different purposes. The most popular are:

  • Intranet site – to collaborate on the projects within the company;
  • Extranet site – to use it as a public documentation portal to share information with the customers.

We have already written a blog post about how to start your successful Confluence experience. This time we want to show you an easy way to make your space read-only for your colleagues without changing the global permissions. Let’s see what we are talking about.

Permissions in Confluence

Confluence offers three-level permissions structure that allows you to choose the actions users can perform:

  • Global Permissions refer to the actions in Confluence at a site level;
  • Space Permissions determine your actions in the particular space;
  • Page Restrictions allow you to control who can view and edit your page in Confluence.

Confluence system administrator can edit the global permissions: grant permissions to individual users, user groups, or even to anonymous users. Note that if your system administrator opens viewing to anonymous users, you lose the ability to choose who you want to share your content with.

space permissions in Confluence

We will show you the way a space administrator can set up a read-only access for the space using the anonymous access in the space permissions when the anonymous access in the global permissions is turned off. But first let’s see the usual way to limit access to a space for Confluence users.

How administrators usually do it

For example, we have a space called ‘Internal Rules and Regulations’. We need to set up the following permissions:

  • all employees from different Confluence groups can view the space;
  • the ‘top-management’ group and system administrator can view and edit this space.

All Confluence users are added to the ‘confluence-users’ group by default and have access to all spaces. By default they can view and edit information in spaces.

In our case the system administrator deleted a standard ‘confluence-users’ group because he uses the external user directory to manage Confluence users. For that reason we have different user groups for all departments of the company.

So we need to add each user group to the space permissions. We go to the space directory, choose our space called ‘Internal Rules and Regulations’, open the space permissions, and manually add all the groups to the space permissions.

space restrictions in Confluence

It wasn’t difficult but a bit tiresome. The good news is that we know a quicker way to fulfill this task.

An alternative approach to make your space read-only

We will change only the space permissions without editing the global permissions.

We go to the space permissions, add only the ‘top-managers’ group, and turn on the view permission for anonymous users. Anonymous users outside the company can’t view this space because global anonymous ‘Use Confluence’ permission is turned off.

anonymous access Confluence

We receive the same effect like in the first example. All licensed Confluence users except the ‘top-managers’ group have a read-only access to this space.

It is an alternative way to manage your space permission in one click with no need to edit global permissions. It helps you to avoid mistakes and quickly show your space to all users without making a mess in the permission set. To prevent the leak of your data, make sure that the anonymous access in the global permissions is turned off.

To stay tuned, subscribe for email notifications about new posts in our blog (enter your email in the ‘Newsletter’ section on the sidebar).

If you have any questions, feel free to comment on this blog post.