Considering Confluence Cloud?
Get the high-level details of Confluence Cloud and available features by plan.
Even in a shared space, you may have content that you're not ready to share with everyone yet or some confidential content that's only meant for a few eyes. Whatever the reason, Confluence lets you set view and edit restrictions at the content level, so you can keep it as open or restricted as you need.
Permissions and restrictions aren't customizable on the free plan.
Every organization has different needs, so Confluence lets you customize permissions at the site, space, and content level so that they're just right for you.
Here's a quick rundown of how it all works:
Open by default: Confluence is open by default, so it won't have any restrictions unless you add them.
Global: Your organization or product admin sets this. Global permissions dictate what a person can do on your entire site, but only deal with site-level actions like whether you can create a space.
Space: Set by the space admin, this decides what each user can do in that space.
Content: Anyone with space-level permission to edit content restrictions can change access to content.
Space permissions are granted at the space level, whereas content restrictions are designed to further restrict space permissions. If there are no content restrictions on a page but someone still can't view or edit it, it's likely because they don't have the necessary space permissions.
Confluence has an open-by-default permissions ecosystem. This means that whenever you publish a piece of content (assuming you haven't changed any of the default settings), it will be accessible to the maximum audience possible on Confluence. You can change this in your content’s Restrictions window. To open this window, click the lock icon () at the top of any content.
The Overview page in your space will not have a lock icon. To access the restrictions window for your Overview page, select the More actions menu () > Restrictions.
Access to content (pages, whiteboards, etc.) is defined in terms of who has access to the space the content lives in. Access to the space is defined as whoever has at least view permission in the space. If only one person has access, “Anyone in this space” equals one person. If everyone on the site has access to the space, then “Anyone in this space” equals everyone on the site.
When a piece of content isn’t inheriting restrictions from any parent content, there are three main access settings.
“Anyone in this space can view and edit” is the default for all new content created.
To view which individuals and groups have access to the space:
Open the Restrictions window.
Make sure the access setting is either Anyone in this space can view, only some can edit or Only specific people can view or edit.
Select View who’s in this space, which you can find under “Anyone else in this space”.
Access setting | Means |
---|---|
“Anyone in this space can view and edit” | No restrictions. |
“Anyone in this space can view, only some can edit” | Editing is restricted to specific people. |
“Only specific people can view or edit” | Both viewing and editing is restricted to specific people. |
Space-level settings override content-level settings
For example, let’s assume the content-level setting is “Anyone in this space can view and edit”. Even so, someone who’s been restricted from editing any content in space permissions won’t actually be able to edit the page.
When view restrictions are applied to a piece of content, those restrictions are automatically extended to all content nested under it in the content tree.
“Anyone on the parent can view and edit” is the default setting for any new content created under restricted parent content.
Access setting | Meaning |
---|---|
“Anyone on the parent can view and edit” | This content has no restrictions local to itself, but its audience is limited by restricted parent content. |
“Anyone on the parent can view, only some can edit” | Editing this content is restricted to specific people, but it has no view restrictions local to itself. However, its audience is still limited by restricted parent content. |
“Only specific people can view or edit” | Viewing this content is restricted to a sub-audience of who’s allowed to view its parent content. |
Editing restrictions are not inherited from parent content
Unlike view restrictions, if someone is restricted from editing on parent content, they'll still be able to edit any child content, unless they're restricted from editing on the specific child content.
That said, if someone is restricted from editing at the space level, they will be restricted from editing all content in that space.
Select Anyone in this space can view, only some can edit (or if there are inherited restrictions — “Anyone on the parent can view, only some can edit”).
Type a user's name or a group into the search bar. (You can add multiple people and groups into it.)
Because anyone can already view the page in this scenario, you can only assign specific people Can edit.
Select Add to add them to the list.
Select Apply to save the changes.
To remove someone or a group, simply select the Remove link next to their name.
Select Only specific people can view or edit. This will remove everyone else from the access list (only you will remain).
Type a user's name or a group into the search bar. (You can add multiple people and groups into it.)
Assign specific people Can edit or Can view.
Select Add to add them to the list.
Select Apply to save the changes.
To remove someone or a group, simply select the Remove link next to their name.
Instead of applying restrictions to individuals, you can use Confluence groups to save on typing out individual names. Learn how to create and update groups.
Confluence permissions are additive. This means that if someone is in two Confluence groups, and one group has permission to view a page while the other does not, that person will still be able to see the page because at least one of the groups they're in has permission to view it.
You can make certain spaces (or even your whole site) available to the public, which means that anyone on the internet would be able to access your content.
If a user doesn't have access to the page, they won't receive a notification when @ mentioned.
Adding specific people will not notify them that they’ve been added, unless they specifically requested access (or if you share the page or mention them in a comment to let them know).
If you're not sure why a user has or doesn't have permission to view, edit, or comment on a content item, you can use Confluence's inspect permissions feature.
Inspect permissions is only available on Confluence's premium plan.
As an admin, there may be times when you need to look at content that you haven’t been given permission to view. For example, you may need to unlock a restricted page or space created by an inactive user, or you may need to diagnose content access or security issues. Admin key allows site admins to access restricted content so they can address these needs.
Admin key is also only available on Confluence's premium plan.
You can find the padlock icon that represents an item's restrictions at the top of the content item. Primarily, it opens the Restrictions window, but how it displays can also give you a quick clue to who can view the page.
The lock icon does not offer any information about who can edit the page, only who can view the content.
Anyone in the space can view this item. | |
This item is set so anyone can view it, but it is inheriting view restrictions from one of its parent items. Only people who have view access on the restricting parent item can view this item. | |
Only specific people can view this item. |
If your content has view restrictions, it won't display for anyone who doesn't have permission to view it, neither in the content tree, nor any macros. Unless someone else has specifically been given a link to your content, they won't know it exists.
Exceptions:
If someone has shared a link to a restricted page, or provided a link to it on another page that can be viewed, the link will have the title of the page as part of the URL. However, they won't be able to tell anything else about the page, including who created it, who has permissions, or when it was updated.
Space admins can view and change the restrictions on any content within their space.
Site admins can view and change the restrictions on any content within their site.
Organization admins and authorized Guard Detect users can see page titles in audit logs and security alerts.
If you try to view or edit an item that you don't have permission, you'll see a modal that lets you request that permission. After you request access, you'll get a notification when you've been granted permission.
If someone asks permission to view or edit a restricted item, we'll email whoever is in the best position to grant permission. Our first choice is the content creator. If the content creator is unable to grant permission (if their account is deactivated or if their page access has been revoked), then we’ll send the email to the last person who updated the page. If no content creators or editors are able to grant permission, then we’ll send the email to a space admin.
If you receive an access request, you can choose to grant it, deny it, or ignore the email. That person may ask again, but we don't require a response from you if you don't wish to give one.
Was this helpful?