Managing Confluence security

Confluence security groups

Security of content is managed by groups rather than by individuals. Individuals must be added to a group.

There are three levels of permissions: global permissions, space permissions, and page restrictions.

 Group

Description

Members

 Group

Description

Members

site-admins

Grants access to all applications, their administration features and org administration which includes managing users and bills (all spaces)

Denise

confluence-admins-tulaneregistrar

Access to Confluence and Confluence administration features on tulaneregistrar (all spaces)

Denise

confluence-users-tulaneregistrar

Access to Confluence on tulaneregistrar (all spaces)

All Registrar full-time staff plus Denetra Pate-Joseph

Registrar Guests

Guest access (Registrar Planning & Projects)

Guests of the Registrar

(Shawn A, Latonya Mason, Ali Pena)

Registrar Interns

Guest access (Registrar)

Interns

Registrar Leadership Team

User Access (all spaces)

Colette, Steph D, Sarah, Shawn, Nicole, Denise

Confluence spaces

Confluence sites are organized into spaces. We have single site with two spaces:

https://tulaneregistrar.atlassian.net/wiki/spaces/REGISTRAR

The Business Process Library (BPL). Most content is publicly viewable and doesn’t require log in to view. See a list of restricted pages (click the Restricted tab)

https://tulaneregistrar.atlassian.net/wiki/spaces/RW2PS

All content here is restricted to full-time staff (confluence-users-tulaneregistrar group).

Guest access

Our license subscription includes provision for 5 guests per paid user. Our paid user limit for our subscription band is 25.

Interns and Guests of the Registrar have Guest access. Although they have the same access level, to keep the groups organized (so you know who’s who), I’ve created separate groups for them.

To change their level of access, update space permissions in the space they have access to:

Guests can only have access to one space at a time. Global permissions are used to change space access (to essentially move a guest from one space to another),

Creating and updating groups

When you create a group, be sure to grant appropriate space permissions to the group (explained below).

Groups are assigned product roles, and there are 3 product roles: Product Admin, User, Guest. Most groups will be assigned either User or Guest.

Select the product role for a group

We currently have only one product - Confluence. If other products are added,

Confluence product roles

  1. To add a group, click Add groups

  2. Click the Group name field to see all groups. Select the group.

  3. Select a Role.

  4. Click Add.

Space permissions

  1. Grant permission to a group

  2. Add the group to your space

Add a user to a group

  1. Invite the new user

    1. Click the Invite users button.

    2. Enter the email address

    3. Select a Product role

      1. Assign Guest to Interns and Guests of the Registrar

      2. Assign User to Registrar staff

      3. Assign Admin to Product admin

    4. Select group membership

      1. Assign Interns to Registrar Interns

      2. Assign Guests to Registrar Guests

      3. Assign Registrar staff to Registrar Users

      4. Assign Leadership Team to Registrar Leadership Team

      5. Assign Admin to confluence-admins-tulaneregistrar

    5. Assign Guests and Interns to the correct space.

  2. Add the new user to the correct group

Admin

confluence-admins-tulaneregistrar- Grants access to Confluence and Confluence administration features on tulaneregistrar.

site-admins - Grants access to all applications, their administration features and org administration which includes managing users and bills.

  • Unless added as a user to the confluence-users-tulaneregistrar group, members of site-admins won’t be able to see restricted pages.

Because our site is ours alone at the moment (and not part of a larger organization), just add the admin to both groups so they have access to everything.

Page permissions

1. Click on the article you're reviewing.

2. Click on the lock icon in the upper right.

3. Click on Open

4. Click on Only specific people can view or edit

5. Click on Enter a person or group

6. Next, we need to identify the groups who can view or edit.

In this example, we’re restricting pages so that only our team and guests can review or edit. Note that Registrar Guests do not have edit privileges at the group level, so no matter what they have access to view, they won't be able to edit anything. Registrar Guests are those outside of our team like Becky and Shawn who need to access our content, but don’t have full access.

Type Registrar Users and then Registrar Guests.

7. Click on Add

8. Click on Apply

9. Click on OK

This message refers to public links, which is a functionality we're not currently using.