Understanding permissions in Confluence Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Levels of permissions in Confluence
Confluence has three levels of permission. This page will discuss them.
This page will assume that Public Access and Anonymous access have been disabled.
This page will only discuss viewing access.
Level 1: Global Permission
This is the most basic permission that allows users to log in successfully to Confluence. It is often referred to as the "Can Use" permission.
Site Administrators manage this level of permission on the Global Permission page.
Select the cog icon ⚙️ > General Configuration
Select Global Permissions in the left panel.
Users with the "can use" permission, and those who belong to groups with the can use permission, will be able to log in to Confluence.
In this example, only "admin" and other users who belong to the groups "confluence-users" or "confluence-administrators" can log in to Confluence
ℹ️ Good to know:
Users with this permission count towards the number of users allowed by your license
What happens if users who don't have Global permission try to log in?
They will see this Not Permitted error message.
How to fix this
Go to the Global Permission administration page and ensure these users have "can use" permission, or belong to a group with that permission.
See Global Permissions Overview for more detailed information about Global and administration permissions.
Level 2: Space Permissions
Confluence contents or pages will be inside separate Spaces. Each space in Confluence has its own set of permissions, which can be granted and revoked by a Space Administrator. Other users must be granted Space Permission to browse content in a space.
This level of permission is being managed through Space Permission.
Select Space tools from the bottom of the sidebar
Select Permissions
In this example, only "admin" and "user1", as well as the users that belong to the group "group1", can view the pages in this space. (That is, unless there is a further page restriction in place, which will be covered in the next section)
What happens if users don't have the Space permission and try to access pages in that space?
They will see this Page Not Found page:
How to fix this
Go to the Space Permission page and ensure these users have View Space permission, or belong to a group with View Space permission.
See Space Permissions Overview for more detailed information about Space permissions.
Level 3: Page Restrictions
Page restrictions allow you to control who can view and/or edit individual pages in a space. To add or remove page restrictions, you'll need permission to edit the page and 'Restrict' or 'Admin' permission in the space.
To restrict who can view or edit a page or blog post:
Select the Restrictions 🔓 icon at the top of the page.
Choose whether you want to limit who can edit or view and edit.
Enter users or groups, then select Add.
If you choose Viewing and Editing restricted, you can specify whether each person or group can edit or view the page.
Apply the restrictions.
In this example, only "admin" and "user1" can access this page
What happens if users don't have page permission and try to access the pages in that space?
They will see this page that says "You don't have permission to view this page."
How to fix this
Ask someone with 'Restrict' or 'Admin' permission in the space to fix the page permission.
More detailed information about Page permissions can be found here: Page Restrictions.
What happens if permissions conflict with multiple groups OR groups & individual user permissions?
Let's understand this using the following two scenarios.
What happens when a user is a member of multiple groups with conflicting permissions in a space?
What happens if a user is a group member with one set of permissions and is added as an individual user in Space Tools > Permissions with a conflicting set of permissions?
In any scenario, Confluence accumulates permissions from the different groups or individual users for the connected user. And based on that, it will provide access to the content. For example, TestUser1 has View permission in the groups ( Test-group & Confluence -user ), and he has been added to the individual users and provided the pages ( Add & delete ) permission. When this user logs into Confluence, his permission from group permissions & individual permissions will be accumulated, and he can view all contents and add and delete pages.
Was this helpful?