I have a use case where there is a restricted confluence page containing sensitive information. Viewership is limited to a select few. This works well to keep the information contained on the page safe.
However, any time the page is updated all watchers get an email of the page contents. This means that the sensitive information has been sent out via email and the safety of it is then dependent on the safety of the email system. This can be more or less secure depending on a lot of factors, but it certainly distributes the information out to a lot of desktops automatically, which is inherently less secure than keeping it contained to the Confluence Wiki.
Is there a way to disable all change/delta notifications and summaries for a specific confluence page or project? Page specific notification exemptions controllable by the administrator is really what I am looking for.
Any Ideas?
-John
This is actually pretty important security wise. I am surprised Atlassian is doing nothing about it. A minimum would be the capacity to configure the notification to not send the content, but just the page name with the modifier's ID.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi John,
You can create a different space and move all your confidential content to that space. Then place the javascript below in your Space Tools >> Layour >> Page Layout.
<script type="text/javascript">
    AJS.toInit(function(){
          AJS.$('#notifyWatchers').attr('checked', false)
          AJS.$('#notifyWatchers').hide()
    });
</script>
This will uncheck the Notify User Checkbox and hide them to avoid user recheck the checkbox.
Regards,
Jing Hwa
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I wrote the following script, before I realized that there was nowhere to put it. We run OnDemand, and adding javascript to the page layout has been disabled in OnDemand. {code} <script type="text/javascript"> /** * Custom functionality to prevent sending notifications when * a page has been labeled with the 'sensitive' label. * * @author James Wilson <jrwilson3@gmail.com> * @date December 16, 2015 */ AJS.toInit(function(){ // Because page labels are not loaded by default when editing pages, // we must open the labels dialog and then quickly hide it, in order // to obtain the list of labels. AJS.Labels.openDialog(); AJS.$('.dialog-button-panel a').click(); var labels = $(".aui-label-split-main"); console.log(labels); // If the page has the 'sensitive' label, then // disable and hide the notifications. for(var j = 0; j < labels.length; j++ ){ if( $(labels[j]).html() == 'sensitive'){ console.log('found sensitive page, disabling notifications'); AJS.$('#notifyWatchers').attr('checked', false); AJS.$('#notifyWatchers').hide(); AJS.$('#notifyWatchers + label').hide(); break; } } } </script> {code}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello, I'm new to this space and have no programming knowledge so I will likely be using incorrect terminology.
I created a page for public view, however, there is information within that can only be seen by some, so I used an Excerpt Macro to help me with that and it worked really well.  The problem then is that Confluence will send updates to all those following the page and unfortunately the e-mail update includes all the sensitive information!  
I searched for a solution in the ATLASSIAN Community with no luck.
I eventually figured out how to work around this:  I first restricted the page's permission to just me, then proceeded to make all the editing/updates to the page, and once done, changed the page's permissions once more to allow others to read-only.  I tested with multiple users and they did not get any e-mail updates.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In case you have the possibility to add new apps, ServiceRockets Show-if macro might be woth a try: https://docs.servicerocket.com/visibility/macro-reference/show-if
Dat within the macro is displayed on the page, but only to the users or groups you've set to see it.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SSL connection to SMTP doesn't mean Gmail server will then use SSL to talk to other servers in the chain. You shouldn't trust Gmail they do it securely. Existing e-mail infastructure isn't secure by design.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This sounds promising! Perhaps I am just being dense today but, I cannot seem to find the Layout Section in my on-demand installation using the Documentation Theme.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Karen,
Unfortunately, the layout customisation is only available for default look and feel theme.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
For the record, the closest I have been able to get is:
Ask that no-one watch the issue in Confluence. As administrators we can remove all watchers of a page. This is not enforcement, but it does stop the leaking.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the Reply Adrien,
1] I hear you about secure email systems. Although, security of data in email is only as secure as the client system that the data ends up on. My goal is to not have the change history of this page distributed to client systems, living on for who knows how long in email cache. While safety on the wire is important, I am mostly concerned with the perpetual record in a client email program like Outlook or Mail.app. This is the kind of user-space data that is a breeze for spyware to mine.
2] Regarding Stealth Instance: I have an on-demand account with many Jira projects and many Confluence spaces. Having a completely seperate account or instance with duplicate accounts and such to prevent dissemination of history for a single page seems like overkill.
This is a question, not a complaint. Is there any way to control this currently in Confluence on-demand settings?
If not I will turn it into a feature request :)
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Karen/John, I did hear your question and I only know about workarounds. If we don't get anyone else to provide an alternative answer, it's probably not a feature of Confluence
I don't think you will get lucky with a feature request because it doesn't sound like most Confluence users would benefit from it. However I'm not an Atlassian employee so this is not an official statement and do feel free to seek for comment from Atlassian's product managers.
If you had a download version of Confluence, there would excellent Experts around the world and one of them would certainly be happy to provide a custom solution for you. But I'm afraid they don't have as much control on OnDemand instances.
Best regards and let's hope someone else answers this question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Half-jokingly, get a secure email system.
Gmail allows sending email through SSL connections, so do most of email servers, so you can send mail securely to most domains. Concerning the non-safe domains, maybe you could prevent them from setting their email in Confluence?
The last solution is to have a separate instance for your stealth team. If what you're dealing about is so confidential, it may help isolate the data.
Regards,
Adrien
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.