Confluence Admin Permission Levels Explained
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Important: On DC, the confluence-administrators group automatically grants both System Administrator and Confluence Administrator permissions. The table below compares the standalone permission grants — a user can hold one without the other.
Capability | System Administrator | Confluence Administrator | Space Admin |
|---|---|---|---|
Access Administration Console | ✓ Full access | ✓ Most settings | ✗ No access |
Manage users and groups | ✓ Yes | ✓ Yes | ✗ No |
Install and manage plugins/apps (UPM) | ✓ Yes | ✓ Yes | ✗ No |
Configure mail servers | ✓ Yes | ✓ Yes | ✗ No |
Manage security configuration (allowlist, user directories) | ✓ Yes | ✗ No | ✗ No |
Manage backup & restore | ✓ Yes | ✗ No | ✗ No |
Configure server base URL | ✓ Yes | ✗ No | ✗ No |
Manage space permissions (all spaces) | ✓ Yes | ✓ Yes | Their space only |
Control global look and feel (themes, layouts, CSS) | ✓ Yes | ✓ Yes | Their space only |
Delete spaces | ✓ Yes (any) | ✓ Yes (any) | ✓ Their own space |
View restricted pages (requires | Only if in group | Only if in group | ✗ No |
Key distinctions:
System Administrators can perform actions that could compromise system security (security config, backup/restore, base URL, user directories).
Confluence Administrators handle day-to-day admin (users, plugins, mail, spaces) but cannot access security-critical functions.
confluence-administratorsgroup = super-users who automatically receive both permissions AND can view all content regardless of page/space restrictions. Membership in this group is required to bypass content restrictions — neither standalone permission alone grants this.
It's important to note that there are a few different levels of administrator permissions in Confluence:
Space Administrators: can control administrative functions within that space only (look and feel, permission settings for that space as a whole, exports of space content, etc.). Locked page content will not be visible to space admins.
At the global level, Confluence Administrator and System Administrator permissions govern who can control system-wide administrative settings. Users with the Confluence Administrator permission can perform most administrative functions, but cannot perform functions that can compromise the security of the Confluence system. More on the differences between these two global admin permission types here.
The confluence-administrators group defines a set of "super users" who can access the Administration Console and perform site-wide administration. Members of this group can also see the content of all pages and spaces in the Confluence instance, regardless of space permissions. See Global Permissions Overviewfor more information about this super group.
Bottom line: unless those "admin" users are members of the confluence-administrators group, they should not be able to see an individual page locked via a page restriction.
For more about permissions, see Global Permissions Overview.
Related articles
Was this helpful?