Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to nest groups in the internal directory?

William Kokolis1
William Kokolis August 3, 2015

We have a Confluence deployment that, for the most part, uses AD groups and users.  Recently we've been asked to provide access to our wiki to select vendor/partners.  Within a particular space, we need to have our staff (all members of 'confluence_users') able to view & edit all pages.  The vendor users should only be able to view specific pages (and not edit anything).  The problem that I'm running into is that to pull this off, I have to have my staff set view restrictions on every page so that ourselves & the relevant vendor can view a page but no one else can.

For example,

  • Page 1 - staff + vendor a
  • Page 2 - staff + vendor b
  • Page 3 - staff + vendor a + vendor c
  • Page 4 - staff only

The permissions for page 4 are easy.  The ones for pages 1, 2, and 3, however, are tricky because users forget to do things like add their own group to the view restrictions when they create pages.

We don't want to have to create AD accounts for the vendors, and would rather manage them via local accounts.  As such, I've set up a local group for each vendor, and have placed their respective users into said groups.  In order to simplify the space permissions, I'd like to also add the 'confluence_users' group to the vendor-specific groups.  This doesn't appear possible though, since nesting doesn't seem to be an option for the internal directory.

Short of either adding our vendors to our primary domain (basically a non-starter) or creating an LDAP instance on the wiki server to manage them, is there any (relatively) simple way to accomplish this?

For reference, we're running Confluence 5.5.4 on Linux.

Thanks,

Answer
Watch
Like Be the first to like this
467 views

2 answers

0 votes
Milo Test
Milo Test
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 4, 2015

Okay, just to be clear:

  1. On the space, give confluence-users add permissions and the vendors read and comment permissions
  2. On the home page of the space, give confluence-users edit restriction
  3. After creating a page, give the vendor view restriction

 

View More Comments
William Kokolis1
William Kokolis August 4, 2015

I'm sorry, but that doesn't work. Following the instructions, I end up a page that has view rights restricted to vendor and myself. Other members of confluence-users cannot see the newly-created page. Is this something that requires a newer version than 5.5?

Like
Milo Test
Milo Test
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 4, 2015

In step 3 above, try giving the vendor *edit* restriction (remove view restriction).

Like
Reply
0 votes
Milo Test
Milo Test
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 3, 2015

Page-level restrictions do create a lot of busy work, but you can use inheritance to your advantage in this case.

Set the home page of each space to have edit restriction to the group(s). Then when a user creates a page, even if they set a view restriction for a specific user, all the people in all the groups with edit access of the parent page, will have view and edit access of the child page(s).

View More Comments
William Kokolis1
William Kokolis August 4, 2015

I'm not sure I follow you. The goal is to have all pages visible to confluence-users, with a subset visible to both vendor & confluence-users. In this space, vendor only has view permissions; nothing else. If I follow your instructions, I end up with a page that is hidden from everyone except the creator and the vendor group. No other member of confluence-users can see the page, despite them have edit rights across the board.

Like
Milo Test
Milo Test
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 4, 2015

I'm afraid I assumed you had given confluence-users space permission. Please try that.

Like
William Kokolis1
William Kokolis August 4, 2015

Which space permissions? Confluence-users currently has view, add pages, add comments, and add attachments. Vendors only has view and add comments.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.