Confluence comes with a sophisticated system for assigning permissions. Users (and groups) can be assigned global permissions, space permissions, and also each access to each page can be individually restricted to a narrower group of users.
At the global level, groups (or individual users) can be assigned permissions to:
- Use Confluence - access the Confluence front page, and access pages within individual spaces if the space and page permissions allow so.
- Create spaces - create new wiki spaces and assign permissions to these spaces.
- Administer Confluence - create groups and populate them with users, assign space permissions, assign global permissions.
The Global Permissions can be assigned only by a Confluence Administrator, from the Confluence Admin console.
These permissions are usually assigned to group, but can be be assigned also to individual users, and to anonymous users (users who have not logged in).
In this installation, anonymous users have been granted the Use permission and can access any spaces that will also explicitly support anonymous users.
See the Confluence Global Permissions Overview for more information.
At the level of an individual wiki space, each user or group can be assigned the following permissions:
- View - view the contents of pages (if not restricted at page-level)
- Create Pages - create pages and modify existing pages (if not restricted at page-level)
- Export pages - export a page into PDF or Word (if access is not restricted at page-level)
- Restrict pages - set page level restrictions.
- Remove pages - delete pages (move them into Trash)
- Create News - post blog-style entries in the space.
- Remove News - delete news entries.
- Create Comments - post comments on pages.
- Remove Comments - remove comments posted on pages.
- Create Attachments - attach files to pages.
- Remove Attachments - delete files attached to pages.
- Remove Mail - a space can be configured to retrieve mail from a POP3 account. This permission is to remove such retrieved mail.
- Export space - export the whole space into PDF, HTML or XML.
- Admin Space - manage the space and assign space permissions to other users.
The permissions can be assigned to individual users, groups, or to anonymous users as a whole.
The owner of a space (the user who requested the space to be created) will become the space admin for that space, and can decide how the permissions will be assigned.
See the Confluence Space Permissions Overview for more information.
An individual page can be further restricted, letting only a narrower selection of users either View or Edit the page. Any user with the Restrict pages privilege can restrict either the viewing or editing of the page. In the restriction, the user will list individual users and groups who can perform the respective action on the page. This is a further restriction, starting from the list of users who can access the space, and narrowing it down to the list given in the restriction. If no restriction is in place, any user who can access the space can also access the page.
Page restrictions and page hierarchy.
When a Viewing restriction is put on a page, it also applies (recursively) to all child pages of the restricted page. If a child page imposes additional restrictions, these are added together with the restrictions inherited from the parent page, and a user accessing a restricted child page must satisfy both the restrictions on the parent page and on the child page.
On the other hand, Editing restrictions do not propagate down the hierarchy, and apply only to the page where they were specified.
See the Confluence Page Restrictions Overview for more information.
Groups in Confluence
Confluence comes with several pre-installed groups. The following globally applicable groups do exist in our installation:
confluence-usersThis group represents any user who has logged in (including remote users). This group has the global Use permission and can be used in space permissions to make a space open to all academic users.
canterbury-usersThis group represents any University of Canterbury user. The group can be used to assign permissions to restrict access only to the University of Canterbury community.
confluence-administratorsThis group gives the Confluence Administrator's team the privilege to administer confluence.
There is also a number of groups created for individual projects. Assigining permissions to group makes the permissions administration for a project much more managable. The the IT Service Desk would be happy to create a group for you.