Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Permanently prevent specific users from accessing Confluence - site administration is overridden

Christian Joel
Christian Joel November 27, 2023

Refering to this article https://support.atlassian.com/jira-service-management-cloud/docs/remove-confluence-product-access-for-users-in-your-site/ I can't see the option "Manage product access" in the Product access -> Confluence -> More menu (⋯) like described in step 2. a. iii.

Further I can't find the option New users have access to this product described in step 3.

 

Problem: Security issue about users getting access to confluence despite the user don't has product access to confluence nor is in any group with access to confluence.

We are using Jira Cloud and Confluence Cloud and I want to keep some users out of our confluence wiki, because they are external and are forbidden to see our confluence wiki at all.

But as I tested today every jira user created by us who don't has access to confluence can compromise the Atlassian Administration configuration! The external users are configured in https://admin.atlassian.com to only have access to jira software, but not confluence (!).

As soon as an external user logs in, opens the menu on top left (nine dots in the square), switch to "Confluence TRY", then he can click on "test now". The page reloads and displays the message that confluence is already active. Then the external user can click on "go to confluence" and then he gets access to it and to all internal spaces and sites!

When checking the user's configuration, he got all from sudden access to the product "Confluence" with product role "Users" and is added to the group "confluence-users"! Both entries were nonexistent before! So this is a huge security issue, when I can't fulfill the requirements of my company to deny access of external users to our confluence wiki!

Any ideas?

Answer
Watch
Like Be the first to like this
873 views

1 answer

0 votes
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 27, 2023

Hi @Christian Joel 

You need to have the org admin permission to make the changes mentioned on the article you mention in your request.

View More Comments
Christian Joel
Christian Joel November 28, 2023

Hi @Marc - Devoteam ,

thanks for your reply. Do you mean org admin like this?

joel jira org admin.png

Also contacted another org admin of my company, he also doesn't see the option Manage product access...

Any other suggestions?

Like
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 28, 2023

Hi @Christian Joel 

See products section and you should be able to manage each of your products

Screenshot 2023-11-28 at 10.41.17.png

Like
Christian Joel
Christian Joel November 28, 2023

Hi @Marc - Devoteam ,

yes ofc that view exists, but as you see, there is only the option "manage product" but not "manage prduct access". Behind the three dots at product 'confluence' there are only two options "manage product" and "manage users".

Where do you see the toggle "New users have access to this product" like described in step 3 of https://support.atlassian.com/jira-service-management-cloud/docs/remove-confluence-product-access-for-users-in-your-site/ ?

Kind regards

Like
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 28, 2023

Hi @Christian Joel 

You and I already have the new

Improved user management experience

See bottom part of the article. Old Cloud instances use the top section of this page.

This way on managing accounts is slowly faced out and everyone will move to the new experience..

Like
Christian Joel
Christian Joel November 29, 2023

@Marc - DevoteamThat's the point, thank you! So there isn't any option like "New users have access to this product." within the "Improved user management experience". But still there is a mistake in the description, because "Manage access" is not available but "Manage Product" (which leads actually to the same page).

Meawhile we found out, why external users can get access to confluence by themselves while overriding the access settings in the Atlassian administration. It is because the domain of the users was added to the "Approved domains" in the "User access settings". While we appreciate that the external company can invite/add new collegues to our Jira Software, we weren't aware that this "Approved domains" setting includes access to all Jira products, which we don't want. So removing the domain from the "Approved domains" fixed our problem.

Thank you for you help @Marc - Devoteam, this thread can be closed.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.