Confluence comes with a sophisticated system for assigning permissions. Users (and groups) can be assigned global permissions, space permissions, and also each access to each page can be individually restricted to a narrower group of users.
At the global level, groups (or individual users) can be assigned permissions to:
The Global Permissions can be assigned only by a Confluence Administrator, from the Confluence Admin console.
These permissions are usually assigned to group, but can be be assigned also to individual users, and to anonymous users (users who have not logged in).
In this installation, anonymous users have been granted the Use permission and can access any spaces that will also explicitly support anonymous users.
See the Confluence Global Permissions Overview for more information.
At the level of an individual wiki space, each user or group can be assigned the following permissions:
The permissions can be assigned to individual users, groups, or to anonymous users as a whole.
The owner of a space (the user who requested the space to be created) will become the space admin for that space, and can decide how the permissions will be assigned.
See the Confluence Space Permissions Overview for more information.
An individual page can be further restricted, letting only a narrower selection of users either View or Edit the page. Any user with the Restrict pages privilege can restrict either the viewing or editing of the page. In the restriction, the user will list individual users and groups who can perform the respective action on the page. This is a further restriction, starting from the list of users who can access the space, and narrowing it down to the list given in the restriction. If no restriction is in place, any user who can access the space can also access the page.
When a Viewing restriction is put on a page, it also applies (recursively) to all child pages of the restricted page. If a child page imposes additional restrictions, these are added together with the restrictions inherited from the parent page, and a user accessing a restricted child page must satisfy both the restrictions on the parent page and on the child page.
On the other hand, Editing restrictions do not propagate down the hierarchy, and apply only to the page where they were specified.
See the Confluence Page Restrictions Overview for more information.
Confluence comes with several pre-installed groups. The following globally applicable groups do exist in our installation:
confluence-users
This group represents any user who has logged in (including remote users). This group has the global Use permission and can be used in space permissions to make a space open to all academic users.canterbury-users
This group represents any University of Canterbury user. The group can be used to assign permissions to restrict access only to the University of Canterbury community.confluence-administrators
This group gives the Confluence Administrator's team the privilege to administer confluence.There is also a number of groups created for individual projects. Assigining permissions to group makes the permissions administration for a project much more managable. The the IT Service Desk would be happy to create a group for you.