One of the greatest aspects of Confluence is how easy it is to share content. Any page you create can be read and edited by anyone else on your team, which makes for swifter and easier collaboration.
This openness is the default option in Confluence for anything you create, but sometimes that’s not what you want. If your page contains sensitive or private information, or even if it’s just not ready yet, you might not wish for other people to see it. Or you might want people to be able to read it, but not edit it. You may even need to let people outside your organization read the page.
If you have Confluence standard or above (in other words, higher than the free tier), you can modify all these options through permissions and restrictions. In this article you'll learn:
What permissions and restrictions in Confluence are and why you should make use of them.
Why Confluence user groups are the best way to assign permissions and restrictions across your organization.
Best practices for setting permissions, who should be setting them, and when not to use them.
What are Permissions and Restrictions in Confluence?
In a sentence, permissions grant or revoke access rights to users via user groups or user-specific settings. Permissions are assigned by admins, who are split into two groups:
Global permissions – site admins who control the organization’s entire Confluence can oversee permissions for who can log in and create new spaces.
Space permissions – individual space admins handle permissions of a single space. They can grant or revoke permissions for viewing and editing content in that space.
Admins can grant access to anonymous users too. What this means in practice is people outside your organization can view a page if the space admin grants them permission. You can make your space viewable by anonymous users through the space settings. Check out this video on The Best Way to Share Content Outside of Confluence for more information.
Restrictions can be accessed via that little lock in the top right-hand corner of every Confluence page, allowing you to restrict who can view and edit the page. Unlike permissions, by default anyone can restrict a page.
Why You Would Want Control Who Can View a Page
The primary reason for restrictions in Confluence is to restrict access to confidential information. These include:
Work in progress pages, early concept ideas, and any piece of content in a stage where feedback from others might be a waste of their time.
Personal information about employees gathered by the HR department, like addresses and private phone numbers.
Internal information not every employee should have access to from day one with the organization.
Surprises, such as presents or parties. If you have a page for what present to get someone for their retirement party, you won’t want them contributing to the surprise party discussion.
Your personal space with your own notes and to-do list.
Permissions and restrictions actually make it more likely that people in your organization will use Confluence. This might seem counter-intuitive at first, since the primary purpose of Confluence is collaboration. Any method of curtailing that freedom would seem to go against its reason for being. But knowing you can restrict your content will help you and others overcome the anxiety of creating all your content in Confluence in the first place.
If you restrict who can view a page, all child pages under it in the page tree will inherit the same restrictions. This is called “cascading restrictions” and is a great way to restrict multiple pages at once.
User Groups: Your Key to Smart Permissions and Restrictions
You’ve been convinced that permissions and restrictions are vital tools in Confluence. Now what? How do you employ what you’ve learned so far? The key here are Confluence user groups.
User groups are a bit like labels for users (learn all about how to make the most out of labels in Confluence here). Combined with permissions and restrictions, these can be used to determine which pages within Confluence users have access to, and are set by your Confluence administrators.
Create an HR user group to guard personal information in Confluence
If you’re an HR team, you need to protect sensitive information across the organization. To do so, add your HR team members to an hr-team user group. Then, on any HR pages or spaces, restrict it so only members of hr-team can view it.
This will prevent the entire organization from seeing things like budgets or sensitive company plans. When the time is right, you still have the option to add everyone to a user group with more access.
User groups will help make your team more efficient. Instead of adjusting permissions for each person individually, you create a user group. However, it’s worth considering that this won’t always be the most efficient approach:
Personal spaces and work-in-progress pages are a case where you don’t need groups, as you can just use restrictions to make pages viewable by only yourself.
Surprise parties and presents can be handled with temporary groups, such as a surprise-party group. But since this is likely only being used for a single page, creating a group then adding everyone to that group only creates more work for you.
Remember that groups are supposed to save time, so don’t use them when it only creates more work. A true Confluence expert is not the person who knows how to use every tool at their disposal. It’s the one who knows when to use them.
Every new user in Confluence is automatically added to a default user group when you invite users to an Atlassian Cloud product. This distinguishes them from anonymous users – people outside the organization who have never received a login. By default, anonymous users can’t view or edit a Confluence page.
How to Handle Permissions and Restrictions in Confluence
The only people who can create groups in Confluence are the site admins, or anyone in the confluence-admin user group. Once an admin sets up a group, anyone can restrict a page to only people in that group. There are a few best practices for how to make use of user groups in your organization so everyone is on the same page.
Pick one admin or admin group to be in charge of adding people to Confluence groups (depending on the size of your organization). It’s general good practice to have “Confluence gardeners” who manage and organize your Confluence spaces. If possible, make groups the domain of your gardeners.
Create one group that you instantly add any new employee to, to differentiate them from interns or contractors you might want to extend logins to.
The restrictions for each page should be handled by the individual who created it. The group admin should not have to micro-manage every individual page’s restrictions.
Individual apps may have restrictions built into their functionality. For example, our own app Scroll Viewport lets you publish content to an online help center. It only publishes content externally when it’s made available to the group scroll-viewport-user.
If you want to publish certain information to anonymous users and restrict access to specific information, Scroll Viewport is a fantastic tool for publishing your Confluence content online.
As a final note, it’s worth stressing that Confluence is at its best when it's used for open collaboration. Even if you don’t think the person in product design will care much about what the marketing department is doing, you still shouldn’t restrict them from viewing the marketing pages. Product design could still have useful advice or feedback and vice versa. After all, Confluence is open for anyone in your organization to view any page for a reason!
Once you recognize what permissions and restrictions are useful for, they can really help your team better collect and organize all your content in Confluence with a greater peace of mind.