Hi Francis,

I will certainly want to give this cli a try.  Let me know what I need to do.

Thanks so much for the help.

-Tommy

Alright. So, if you can follow and install the CLI in your instance and then install the shell client (you can use powershell if you want) by following these instructions.

Confluence Command Line Interface (CLI) - Appfire (atlassian.net)

Installation and Use - Confluence Command Line Interface (CLI) - Appfire (atlassian.net)

Once you have that, you can run this from whichever client you're using

--action runFromSpaceList --common "--action addPermissions --space @space@" --group "confluence-users" --permissions "viewspace,editspace,setpagepermissions,removepage,editblog,removeblog,comment,removecomment,createattachment,removeattachment,exportspace""

I hope this helps

Cheers,
Francis

Am I installing and configuring the ACLI connection first?

@Tommy Lee ,

Yes, that is correct. Here's a step-by-step workflow for this activity.

1. Install CLI for Confluence in your cloud instance
2. Install the client in your PC or use powershell
   1. CLI Client Installation and Use - Appfire Command Line Interface (CLI) - Appfire (atlassian.net)
3. Login with your admin credentials in the client
4. Run the script provided.
5. Verify the results of the command
6. Uninstall the CLI for Confluence.

I hope this helps.

Cheers,

Francis

@Francis Batilo 

Do I need to change any of the parameters in the command you sent?
Is there documentation to the script?  It seems to be adding all the permissions to the "confluence-users" group?  I'm not sure that's what I want to be doing.

The screenshot is the permissions on one of the spaces that I recovered permissions on.  Notice that I now have mostly full access as an Individual User.
My previous Atlassian Admin (Mike Eldridge) has Admin access to all the spaces.
There is no confluence-administrator group that has Admin access, and this is what I'd like to add to all the spaces.

I think I found the documentation:

https://appfire.atlassian.net/wiki/spaces/CSOAP/pages/68458373/addPermissions

@Francis Batilo 

I got this error while trying to revise your script command. Thoughts?

Tried again with extra quotes.  Didn't seem to work either.

@Tommy Lee ,

Could you update the first action command to have two "-"? So instead of -action it should be --action

Also, if you're using the client provided by the CLI and not powershell, try starting the command with acli --action runFromSpaceList...

I hope this fixes the issue.

Cheers,

Francis

@Francis Batilo 

Hmm, closer.  I wonder why I don't have permission.

@Tommy Lee ,

Take note of the spaces that doesn't allow you update them. in the meantime, could you add this command --continue. 

So, you'll need to have this 

SETSPACEPERMISSION" --continue"

That should allow you to skip errors and continue to the whole space list.

Cheers,
Francis

@Francis Batilo 

Looks like it only worked on one space, which is the space I already Recovered Permission, and have individual Admin permissions for.  That one added the "confluence-admins-iinteractive" group in the script run.

All the other Spaces failed to add that group, probably because I'm not an Admin to those groups.  So this is like a Catch-22, I cannot add group admin because i'm not an individual admin.  Ugh.

@Tommy Lee ,

Could you check this for me. 

So, there should be a default admin group for you in your cloud instance. If you go to products and select confluence then manage users/access, you can find the default admin group for that. If you add yourself into that, you won't necessarily need to be added into the space to modify its permissions.

Link: Default groups and permissions | Atlassian Support

The script params didn't include Archive Page nor Mail Delete. (See screenshot for permissions for confluence-admins-iinteractive)

I tried again with "ARCHIVEPAGE" permission parameter and it worked.  But couldn't find one that worked for Mail Delete though.

For Mail Delete: REMOVEMAIL

For Page archive: either PAGEARCHIVE or ARCHIVEPAGE

@Francis Batilo 

I was already on both of the Default Group admin groups.

@Francis Batilo 

Do you have any other ideas or suggestions?

I think I may have to somehow get into the one account that is already an individual Admin off all the spaces.

@Francis Batilo 

Any other suggestions?

@Tommy Lee ,

I apologise for responding late. My other suggestion is updating the default permissions. 

To do this you'll need to

1. go to settings (top right cog next to your name bubble)
2. navigate through the options on the left and find Space Permissions
3. Update the default space permission with the group that you have for the admins
4. Run the CLI script again

Let me know if this works

@Francis Batilo 

That was the first thing we tried.

It doesn't work because that only sets the default permissions on newly created spaces.  It doesn't change existing spaces, which is the problem we're trying to resolve.

@Tommy Lee 

In that case, can you try this one instead?

How to recover space permissions - One Appfire Support Knowledge Base - Appfire (atlassian.net)

try running it once for the one that doesn't work and see if that will allow you to do something.

@Francis Batilo 

I ended up "hacking" into Mike Eldridge's Atlassian account (going through several Google hoops because his Atlassian account is tied into our corporate Google Workspace).  Then using his Atlassian account to run the CLI commands to add group permissions to all the spaces with your script above.  This worked!  And seems like the only route left.  (Did not have to try your recover space permssions link above.)

One more question.  If I want to remove an individual user from space admin, what is the CLI script for that?  We have an individual user that is an admin listed on all our spaces that I'd like to remove. (The "Microsoft Teams for Confluence Cloud" user.)

Got single command to work, but not the recursive one.

--action removePermissions --space CAN --userId "Microsoft Teams for Confluence Cloud" --permissions "@all"


--action runFromSpaceList --common "--action removePermissions --space @space@ --userId "Microsoft Teams for Confluence Cloud" --permissions "@all""

I get there error:

Error: Parameter error: Unexpected argument starting with: Team

Aha I got it!

--action runFromSpaceList --common "--action removePermissions --space @space@ --userId \"Microsoft Teams for Confluence Cloud\" --permissions "@all""

@Francis Batilo  Sorry another question for you...

There is a ghost user that I cannot target with the script.  It is the same user, but some spaces say he's Deactivated, because that user is deactivated.  I tried to reactivate the user and I still could not target him with the script to remove his Confluence permissions.  Any thoughts on this?

I figured this out as well!

I found user John's Atlassian accountId from his user profile page url. (ie. https://example.atlassian.net/jira/people/123456:59635b21-a884-4b71-3b3-8af2467db111)

And I used that ID in the ACLI script for userId and it found and removed all of John's permissions.  Yay, finally, permissions are all cleaned up!

@Tommy Lee , sorry for responding late. I'm glad that you've figured it out and you're able to use the CLI tool. It is a handy app while you're in the cloud, given that we can't go directly to our databases. 

If you have further questions, please let me know or post another question in the community board. 

Thank you again for your patience and I really appreciate you trying out the option I suggested :).

Cheers,
Francis