Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Admins and page restrictions

Alain Beaulieu
Alain Beaulieu
Contributor
September 29, 2020

Hi all,

We're thinking of using Confluence pages for HR-related confidential information, especially when onboarding newcomers, like integration plans, competency follow-ups and the like. The HR department is reluctant to let us use Confluence because they say admins can see restricted pages if they want to. According to this Atlassian article, space admins can see the list of restricted pages, but it says they have to remove restrictions to be able to see the page contents. Is that right? And is there a way to make a page completely restricted to the people specified, keeping even admins and gods out?

 

Thanks.

Alain

Answer
Watch
Like Be the first to like this
1576 views

2 answers

1 accepted

0 votes
Answer accepted
JimmyVanAU
JimmyVanAU
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 29, 2020

Hi Alain,

HR is correct in that by default Confluence administrators can see restricted pages if they want to. Following https://confluence.atlassian.com/confkb/confluence-admin-permission-levels-explained-604209420.html, the out of the box "confluence-administrators" group is a super user group that overrides system permissions and allows members of this group to see all pages.

While this is known, I've worked in many instances which have fixed this. To do this:

  1. Create a new group, for example "application-administrators", "atlassian-administrators" or "wiki-administrators". This can either be in your user directory or local to Confluence.
  2. Add all the appropriate members to the group.
  3. Under "Global Permissions" in Confluence, remove "confluence-administrators" and add your new group, ensuring you assign system admin privileges.

Then Confluence will lock out 'the gods' and behave as described in the article above. I strongly recommend testing this out in a demo environment (to avoid locking yourself out), and giving HR the assurances they're after.

Cheers, Jimmy

View More Comments
Bastian Stehmann
Bastian Stehmann
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 29, 2020

You can it like this, but you'll have to keep in mind, that the confluence global admins are able to restore the settings for the confluence-administrators group, so they can undo this configuration and workaround.

Like
Alain Beaulieu
Alain Beaulieu
Contributor
October 1, 2020

Thanks for the answers.  Bastian I agree with the confidence level management has to have with admins being diligent professionals, even if they access sensitive information. I haven't had any response from HR management yet so I'll have to wait before I can test this, but hopefully I'll get a green light and move on. I was looking for a solution and the one Jimmy provided would work for me.

Thanks again for your time.

Alain

Like
Reply
0 votes
Bastian Stehmann
Bastian Stehmann
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 29, 2020

Hi @Alain Beaulieu ,

welcome to the community.

Your HR team is right, Admins can get access to restricted pages.

It is right, that space admins can remove the restrictions. But they have to do explicitly, they can't access a restricted page by accident. Global admins in the confluence-administrators group can even access the pages without removing restrictions.

It is not possible to restrict a page in a way, that not even admins can access this page somehow.

But if the HR department doesn't think, that your admins are doing their job well and respect the privacy of data they are responsible for, there might be another problem.

View More Comments
Fides IT Admin Account
Fides IT Admin Account February 21, 2023

This is not correct!

* There are two requirements to b e able to change the restrictions:

1) the permission to change restrictions

2) to view rights to the page in order to add me there

 

While the sysadmin can give himself permission to change restrictions he can not add himself to get view rights.

Same is true if view permissions as with and Active Directory Group. 

Only if this is a jira group he can allow himself to view the page

Like
Bastian Stehmann
Bastian Stehmann
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 21, 2023

Hi @Fides IT Admin Account ,

Everyone in the confluence-administrators group can access every page, even if they are restricted. They won't show up in search results, but if they are directly accessed, ie through page tree, they can be accessed. 

And there, they can modify restrictions. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
atlassian, atlassian government cloud, fedramp, webinar, register for webinar, atlassian cloud webinar, fedramp moderate offering, work faster with cloud

Unlocking the future with Atlassian Government Cloud ☁️

Atlassian Government Cloud has achieved FedRAMP Authorization at the Moderate level! Join our webinar to learn how you can accelerate mission success and move work forward faster in cloud, all while ensuring your critical data is secure.

Register Now
AUG Leaders

Upcoming Confluence Events