Roles central and planning your transition

Roles central is your one-stop hub in Confluence admin for managing your site's transition from custom access (legacy granular permissions) to roles. From here, you can:

• Learn how role-based access works and what it means for your site

• Track how much of your site's access is already covered by roles

• Access tooling to plan and bulk transition your site from legacy permissions based access to role-based access

• Set the fallback role that will apply to any unconverted custom access at the end of the transition window

• Move your site to role-based access only when you're ready

Before you begin

You must be a Confluence admin to access Roles central.

Your site must have roles enabled. If you don't have roles enabled yet, the version of Roles central in your Confluence admin settings is more limited.

Access Roles central

1. Go to Confluence admin settings, then select Permissions.

2. Select Roles central.

Configure your roles and defaults

Now that your site has roles, you’ll want to start with a few foundational steps:

1. Audit your permissions data data to understand access across your site.

2. Create custom roles for your organization's unique access needs.

3. Set default access for new spaces, so newly created spaces use roles from the start.

Once these steps are complete, you’re ready to start transitioning your site to roles, space by space or in bulk (recommended).

Transition your site in bulk

Roles central provides access to the two primary tools for moving access across your site from legacy permissions combinations to roles. Once you’ve made a plan, use these tools to update access across your site. The methods for updating access to roles include:

1. Assigning roles by legacy permission combinations

2. Assigning roles by user, either in bulk or space by space.

Read more about how to transition to roles.

Set your fallback role

The fallback role determines what happens to any custom access that hasn't been transitioned by the end of your transition window. Instead of removing access or making that decision for you, Confluence converts remaining custom access to the fallback role you configure.

The default fallback role is Collaborator. You can change it to any default or custom role available on your site.

To set or change the fallback role:

1. Go to Confluence settings, then select Permissions.

2. Select Roles central.

3. In the Fallback role section, select the role you want to use.

4. Select Save.

Transition to role-based access only

You have two paths to complete the transition:

Option 1: Transition at your own pace

Use the transition tool to convert custom access to roles across all or selected spaces. You'll get intelligent role recommendations, the ability to review access impact before applying changes, and a full audit trail.

Once all custom access is converted to roles, you can move to roles-only:

1. Go to Confluence settings, then select Permissions.

2. Select Roles central.

3. Select Move to role-based access only.

4. Review the confirmation, then select Confirm.

Option 2: Let the system apply automatic defaults

If you haven't fully transitioned by the end of your transition window, Confluence will automatically convert any remaining custom access to your configured fallback role.

What happens after you move to roles only

Once your site is in role-based access only:

• All access is managed exclusively through default and custom roles, including changes made via Automations and API. The legacy granular permissions model and custom access are no longer available.

• The transition tool, permissions data exports, and roles central transition view are no longer shown.

• You can still manage your default and custom roles, configure system operations, and bulk update access to roles by individual user across your site.