• Documentation
Cloud

We're updating our terminology in Jira

'Issue' is changing to 'work item'. You might notice some inconsistencies while this big change takes place.

Troubleshoot access problems to content

Confluence offers a few different tools to help you troubleshoot access problems to content, whether you’re trying to figure out why someone can’t access a page or why someone can access it but shouldn’t.

Unblock someone’s access

There are a few different reasons why someone wouldn’t have the level of access they should.

Space permissions vs content permissions

The first thing to remember is that permissions in Confluence are inherited from the container above. This means that if someone doesn’t have access to a content item, then it could be because of:

  • settings on the content item itself,

  • settings inherited from one of its parent items,

  • and/or settings inherited from the space.

You may be able to fix access issues, depending on where the access issue is coming from.

  • Issue on the content item itself — To fix these issues, you need to have edit access to the content and space-level permission to edit content restrictions, or else contact someone who does.

  • Issue inherited from a parent item — To fix these issues, you need to have edit access to the parent item and space-level permission to edit content restrictions, or else contact someone who does.

  • Issue inherited from the space — To fix these issues, you need to be a space admin, or else contact one.

For a list of all space-level permissions and what they control, see Assign space permissions.

When someone doesn’t have access

Confluence will let you know when you try to share with people who won’t actually be able to access the content before you’re finished sharing with them.

Two examples of messages alerting user to people who need additional access to the content.

Confluence will also tell you when someone already added to the content doesn’t have the indicated access to the content, but only when a person or a group has been explicitly added to the Specific access list.

List of users with specific access when some of them don't have the intended access and not troubleshooting attention.

This in-line warning message will only appear when a listed person or group:

  • needs space access

  • needs view access to a parent item

  • needs permission at the space level to edit content in the space

When the content inherits restrictions from a parent

Confluence will tell you when content inherits access restrictions from one of its parent items in the content tree.

Share window when content item is restricted by a parent.

To troubleshoot inherited access problems:

  1. Open the Share window on the content item you want to give someone access to.

  2. Select this parent in the statement “Anyone on this parent”. This will take you to the immediate parent item causing the access restriction. (There may be other parent items with view restrictions.)

  3. Open the Share window on that parent item and see if the person or group has access. If not, add them.

    1. After adding them, if this parent item doesn’t inherit restrictions from any of its parents, go back to the original content item and refresh to confirm the access problem has been resolved.

    2. If this parent item does inherit restrictions from one of its parents, follow the same process until you’ve added the person or group to all restricted parents.

If you have permission to move content in the space, you can also try moving the child content out from under the restricted parent item where it’s organized in the content tree.

An easier way to troubleshoot on Premium

If you’re on the premium plan, you can use the inspect permissions feature to easily see at which levels of hierarchy someone is being denied access (parent content, space, and/or product).

You can find this feature in the Share window, in the More options menu (•••).

Restrict someone’s access

If someone can access content they shouldn’t, there are a couple of things to consider.

First, you can remove access for everyone and individually add back only the people who should have access.

To remove access for everyone and add back individually:

  1. Open the Share window.

  2. Change General access from Open > Restricted.

  3. Add individual people or groups back to the access list.

  4. Select Save.

Second, you might need to look for additive permissions.

Additive permissions and groups

Confluence operates on a model of additive permissions, which means that if someone has access to content in two or more ways, they always get the greater access.

For example, let’s say you have a page that is restricted to the group “Marketing team”. Only that group should be able to view and edit the page. This means that General access is set to “Restricted” and that the group “Marketing team” appears in Specific access with “Can edit” permission.

But let’s say that Omar, who is a member of the “Marketing team” group, should not be able to edit the page, and to accomplish this, someone added Omar explicitly to the page with “Can view” permission. This does NOT mean Omar is restricted from editing the page.

This is because, even though Omar is explicitly listed as “Can view”, he can still edit the page because he has access to the page through another source — as a member of the “Marketing team” group — which has “Can edit” assigned.

Thus, part of troubleshooting why someone has a certain level of access to content that they shouldn’t have is figuring out all the ways they might have access and determining the greatest access across those sources.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageUnblock someone’s accessSpace permissions vs content permissionsWhen someone doesn’t have accessWhen the content inherits restrictions from a parentRestrict someone’s accessAdditive permissions and groups
CommunityQuestions, discussions, and articles