I have been attempting to set up our company internal Confluence Server for limited viewing by external parties securely. I have found two options, both with unattractive downsides. I can enable anonymous access to a space, or create a dedicated user account with customized security.
My use case is as follows:
I have ~10 pages in various spaces within our Confluence site which we want to be viewable by external users, such as a partner company. I need to find the proper way of making these pages, or their contents, viewable either anonymously without requiring all future pages to be manually changed in their restrictions to disallow anonymous. I have tried setting up a dedicated space for such anonymous-directed content and using the Include macro to call it forth, but the permissions of the source pages don't allow me to assert anonymous viewing without changing the entire space to allow anonymous. If there was a method of defining default space permissions to disallow anonymous, so I don't have to trust users will make the change themselves, that would also work.
I have explored using a custom 'guest' account, but the issue there is the guest can still see other user's personal spaces. I have not found a method of disallowing that.
After searching through many forum posts both here and offsite, I have not found a solution yet. How have others here managed to securely provide access to specific pages in the Confluence site to external actors? The only other workaround I have found is to manually copy pages from their origin to the dedicated public space, but that leaves too much room for user error.
I am using Confluence Server v6.11.2 with a PostgreSQL database on a Windows server. Please let me know if I can provide further clarifying information!
Hello Tomas,
To grant external users access into Confluence there are multiple different ways to accommodate this. When granting access externally to anonymous users you always need to be aware of what is publicly available and understanding anyone can see these pages/spaces if permitted.
The first method is the simplest. You enable anonymous access, and ensure that they are only permitted to a space which all content will be publicly facing. This will have the least amount of administrative overhead in regards to security and will be the fastest way to get the data publicly available.
The second method is more complex. You enable anonymous access, ensure they are able to view all the spaces with the content you want publicly available. Within those spaces, you will need to set page level restrictions to prevent anonymous users from viewing them. (This will most likely be a deterrent to do this if you have a space with hundreds or thousands of pages. Setting a page level restriction on a part page will allow the children to inherit that restriction).
And for the third option you can explore the marketplace to see if there is a theme add-on which will allow you to apply additional public access level restrictions without having to go through to much effort. There are multiple available add-ons available in the marketplace for themes. Here is a redefine search for Confluence Marketplace Theme Add-Ons.
To learn more about the above, here are a view documentation pages to review:
How To Partition Confluence for Different Isolated User Groups
There is no perfect match for each company to apply public level access to Confluence and some companies want to ensure each user does login. Confluence is flexible enough to allow you to accomplish what you need with as much or as little security as possible.
I hope the above gives some insight into possible options and allows you explore which one may be of a benefit to you.
Regards,
Stephen Sifers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.