Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 21:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

confluence-administrators vs. "regular" administrators?

Cody
Cody May 23, 2020

I have an employee who is our resident "confluence power user". I'd like for him to be able to do everything on the site except see every page on the site. For instance, there are other employees financial information/performance reviews/etc. and he shouldn't have access to this. What is the best way to handle that. 

Is there something like a "confluence-administrator-lite"?

Answer
Watch
Like Be the first to like this
1162 views

2 answers

0 votes
Ryan Carpenter
Ryan Carpenter
Contributor
May 24, 2020

Yes. In the Confluence settings, go to Global Permissions and create the confluence-admins-lite group, and give the group Confluence Administrator permission but not System Administrator permission.

20200524-550_chrome.png

Users in the confluence-admins-lite group will have access to the Confluence admin panel, but will not be able to edit the System Administrators group and will not be able to edit their own groups to become a System Administrator.

Users in confluence-admins-lite will be able to edit their own groups, and the System Administrators group will appear as an option. However, selecting a group with system administrator permission and attempting to save produces the following error message (in Confluence Server 7.3.2).

20200524-549_chrome.png 

You can now control page access through page permissions. Make sure to consider any additional precautions needed to make sure that sensitive content will remain in the restricted space and that unrestricted pages containing sensitive content will not get created. And of course, test everything thoroughly before implementing any of these suggestions. Results may vary. I could be wrong. There may be something else important to consider.

More information:

Reply
0 votes
Ryan Carpenter
Ryan Carpenter
Contributor
May 24, 2020

Do you really mean absolutely everything, including site-wide configuration of the application (i.e., via the administration panel), or "everything" related to administering content and spaces? If the former, ordinary Confluence permissions alone would not provide a bullet-proof solution. If the latter, you could use the space administrator setting.

View More Comments
Cody
Cody May 24, 2020

I think so- but I don’t know what I don’t know. He is the user who sets up spaces, manages permissions, etc. 

i don’t know if anything that I wouldn’t want him to do- except see every page, or make it possible for himself to do so.

Like
Ryan Carpenter
Ryan Carpenter
Contributor
May 24, 2020

You might be able to use network-level firewall controls as a workaround, while still allowing full control. For instance, by blocking access to the url for administration of the sensitive-content-group and the power user's own group membership admin (NB: amateur idea). Even so, users within the sensitive-content-group can also break the security, for instance, by accidentally posting in the wrong space. You may need to examine the risks beyond those associated with the admin.

Like
Ryan Carpenter
Ryan Carpenter
Contributor
May 24, 2020

Pardon me. You can make a group of your own, separate from the confluence-administrators group, that has "Confluence Administrator" privileges and not "System Administrator" privileges. The permissions of your confluence-admins-lite group will look the same as the confluence-administrators but there may be some special functionality of the predefined group. I am not sure about this, so you will need to test the lite group and/or get more information from Atlassian or someone who can give a definitive answer.

Like
Ryan Carpenter
Ryan Carpenter
Contributor
May 24, 2020

Scratch this. I have posted a new response with more accurate information.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events