We need to allow some external security auditors access to a single space in Confluence in order to allow them and the internal users being audited to update the audit documents. We created the space, created the group for the auditors, and then created the auditor accounts (added them to confluence-users and their special auditor group). They can see the audit space, but they can also view everyone's personal space (including any files people have in their personal space). I tried removing access to a personal space by removing View permission for both the auditors groups and their userids. However, because they belong to confluence-users, they are still allowed access.
Is there any way to restrict their access to only their space? Is there any way to lock down anonymous access to only the auditors? I've searched the documentation, knowledge base, and this community and have not found a definitive answer.
Thanks for the help!
Teri
To allow a user to just see one Space and nothing else I would suggest separating the confluence-users group from any other access except for being able to log in to Confluence. So only use it in the Global Permissions setting. Then you can add another group for the basic access for regular users, which you do not include for the security auditors. These users you just allow to see specific spaces.
My recommendation is to do the same for jira-users group in Jira. Never use it for any other permissions than for logging in to Jira.
There is one challenge: making sure no other users are using these groups for permission settings. Our way around that is to have a recurring issue for reviewing how it looks for a user with just jira-users and confluence-users set. Any ideas on how this could be automated in some way would be appreciated.
Thanks
Olle
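One way to automate the recurring review described above, as an added example that is not part of the original thread: it checks permission rows for login-only groups used in space permissions and computes which spaces a given account can view. The row layout, the group names `audit-externals` and `staff`, and the space keys are constructed assumptions, not a Confluence export format; the rows would have to come from your own export of space permissions.

```python
# Groups that should grant login only (the advice in the post above).
LOGIN_ONLY_GROUPS = {"confluence-users", "jira-users"}

# Constructed sample rows: (space_key, subject_type, subject_name, permission).
# Hypothetical layout for this example, not a Confluence export format.
SAMPLE_PERMISSIONS = [
    ("AUDIT", "group", "audit-externals", "view"),
    ("AUDIT", "group", "staff", "view"),
    ("~alice", "user", "alice", "view"),
    ("~alice", "group", "confluence-users", "view"),  # the misconfiguration
    ("~bob", "user", "bob", "view"),
    ("ENG", "group", "staff", "view"),
    ("PUB", "anonymous", "", "view"),
]


def login_group_grants(rows, login_groups=LOGIN_ONLY_GROUPS):
    """Return the rows where a login-only group is used in a space permission."""
    return [r for r in rows if r[1] == "group" and r[2] in login_groups]


def visible_spaces(rows, username, groups):
    """Return the spaces the account can view via user, group or anonymous grants.

    Assumption: a space opened to anonymous users is also visible to anyone
    who is logged in.
    """
    visible = set()
    for space, kind, name, perm in rows:
        if perm != "view":
            continue
        if (kind == "anonymous"
                or (kind == "user" and name == username)
                or (kind == "group" and name in groups)):
            visible.add(space)
    return visible


def review(rows, username, groups, allowed):
    """Return (misused login-group rows, spaces visible beyond `allowed`)."""
    extra = visible_spaces(rows, username, groups) - set(allowed)
    return login_group_grants(rows), extra


if __name__ == "__main__":
    misuse, extra = review(SAMPLE_PERMISSIONS, "auditor1",
                           {"confluence-users", "audit-externals"}, {"AUDIT"})
    print("login-only groups used in space permissions:", misuse)
    print("spaces visible beyond the allowed set:", sorted(extra))
```

Running `visible_spaces` for a probe account that holds only the login groups gives the "how it looks for a user with just confluence-users" view; a non-empty result is the finding to raise.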
Teri,
Sounds like your personal space configuration is not set up correctly. I would expect each personal space to be limited to administrators and the user who owns the space. Having confluence-users on personal spaces opens them up to anyone who has Confluence access. You should update your permissions on the spaces and check your default space permissions.
Thanks, Brant. I removed confluence-users from Group space permissions and the auditor IDs can no longer see content on personal spaces. They can, however, see the universe of people with personal spaces, as well as all the users in Confluence, from the People directory. Do you know if there's a way to restrict access to the people directory?
I hope you have a great weekend!
Teri
Teri,
I believe this is what you are looking for: https://confluence.atlassian.com/confkb/how-to-restrict-users-from-accessing-people-directory-or-search-users-from-quick-search-688883545.html
Brant,
That's exactly what I need. I have one final question. Can you allow access to more than one group?
Thank you so very much for your help!
Regards,
Teri