Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Separate groups for Create Space & Confluence Admin permissions without new users getting Create Space?

David Gruber2
David Gruber
Contributor
May 11, 2014

I want to grant the Create Space and Confluence Administrator global permissions to separate groups but it seems that when you create a new OnDemand user and check Confluence under Application Access that results in the user being added to all groups assigned a global permission unless the group has the Confluence Administrator permission. JIRA does not have the same problem as I have separate groups for the JIRA Administrators and Create Shared Objects permissions and new users are not automatically added to the latter group. It seems the reason for the difference is Confluence requires "can use" be checked for every group assigned a global permission (see below) but JIRA does not have the equivalent requirement that all groups with a global permission have the JIRA Users permission.

Has anyone seen a ticket on JAC that covers this issue in Confluence (I was surprised I couldn't find one)? Does anyone have a way around this problem (maybe somehow using a browser's developer tools on the Edit Global Permissions page)?

Answer
Watch
Like Be the first to like this
480 views

2 answers

1 accepted

0 votes
Answer accepted
David Gruber2
David Gruber
Contributor
July 31, 2014

Yes Alexy that's what I did but I think it is only a next best option not a full solution. I've actually just found a way to get around the reason for the problem. In Confluence "can use" will be left unchecked for a group being assigned global permissions by making the below request (login handled by CLI) similar to what the UI is doing, assuming the group is not already assigned any global permissions (can be temporarily assigned to another group such as confluence-users to not be lost):

confluence -a renderRequest --requestType GET --request /admin/permissions/doeditglobalpermissions.action --requestParameters "confluence_checkbox_profileattachments_group_<group>=on&confluence_checkbox_updateuserstatus_group_<group>=on&confluence_checkbox_personalspace_group_<group>=on&confluence_checkbox_createspace_group_<group>=on&confluence_checkbox_administrateconfluence_group_<group>=on&groupsToAdd=&usersToAdd=&confirm=Save+all"

Now I can meet the initial goal with this workaround. To grant Create Space and Confluence Administrator global permissions to separate groups, eg confluence-admins and confluence-creators respectively, where a new OnDemand user given Confluence Application Access will not be automatically added to confluence-creators, temporarily assign Confluence Administrator permission to confluence-users and remove any other global permissions from confluence-admins and confluence-creators, then run the following:

confluence -a renderRequest --requestType GET --request /admin/permissions/doeditglobalpermissions.action --requestParameters "confluence_checkbox_administrateconfluence_group_confluence-admins=on&confluence_checkbox_personalspace_group_confluence-creators=on&confluence_checkbox_createspace_group_confluence-creators=on&groupsToAdd=&usersToAdd=&confirm=Save+all"

Technically, the above only needs to be done for confluence-creators since Confluence Administrator permission keeps new users from being added to confluence-admins.

Reply
0 votes
Alexey_Rjeutski__Polontech_
Alexey_Rjeutski__Polontech_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 31, 2014
Just remove can use permissions from all groups but one. Add all your administrators to that group. So from the one hand they can use confluence as members of users group, from the other - administrate as members of administration group. If you have some strict security policy- have one group that can use confluence and don't use it in any default or space permission settings
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.