This page contains an overview of how to use page restrictions in Confluence.
On this page:
Page restrictions allow you to control who can view or edit individual pages. You can set the page restrictions from the Page Restrictions Dialog, accessed under 'Tools', 'Restrictions'. You can also set restrictions when editing a page, in the Restrictions section near the bottom of the page.
When a page you are viewing has restrictions applied, a small padlock icon You can also access the 'Page Restrictions' dialog box by clicking the 'Tools' menu at the top-right of a page and selecting the 'Restrictions' menu item.
When a page you are viewing has restrictions applied, a small padlock iconappears next to the page byline. Clicking the padlock will open the 'Page Restrictions' dialog box, where full details on the page restrictions are displayed.
You can also access the 'Page Restrictions' dialog box by clicking the 'Tools' menu at the top-right of a page and selecting the 'Restrictions' menu item.
For instructions on using the 'Page Restrictions' dialog box, refer to Setting a Page's Restrictions.
Screenshot: The Confluence Page Restrictions Dialog Box
The Confluence Permissions and Page Restrictions Hierarchy
Permissions and page restrictions in Confluence work within a hierarchical manner. For example, users who can access and modify global permissions (for instance, Confluence Administrators) can define which users can access and modify space level permissions (that is, space administrators). Space administrators can then define which users have access to create and modify pages. These users in turn can then apply viewing and editing restrictions to a page. By inheritance, these restrictions will also be applied to any child or descendant pages which are then added to that page.
See the diagram below for an illustration.
Diagram: Confluence Restrictions Hierarchy
Requirements for Setting Restrictions
In order to set or modify page restrictions, you need to have both:
- 'Restrict Pages' permission in the space to which the page belongs (since page restrictions operate within the bounds of space permissions).
- Permission to edit the page itself. That is, if a user is prevented from editing a page through page restrictions, they are also prevented from changing the restrictions themselves.
Page Security Rules
Users can only view page or space content for which they (or a group they are in) have 'View' permission. Pages that a user does not have 'View' access to are referred to as 'inaccessible' pages. Visit Inaccessible Page to see how Confluence deals with pages a user cannot view:
- Anonymous users are directed to the login page.
- Logged-in users are shown a permissions error page.
It is not possible to conceal the existence of pages, though you can restrict 'View' access to page content.
Users will still be able to find the page if they know its URL. But they will not be able to view the content if they don't have the correct permissions.
Inherited Restrictions and Child Pages
If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on). If a 'View' restriction is added to a page that has already inherited page restrictions from its parent, users must satisfy both restrictions in order to see the page.
'Edit' restrictions are not inherited from the parent page, only from the space.
Example of Child Page Restrictions
Consider the page 'Documents', with a child page 'Executive', which itself has a child page 'Payroll'. To begin with, anyone who can view the space to which these pages belong can see all three pages.
For security reasons, 'View' restrictions are set on the 'Executive' page, restricting it to the 'mycompany-management group'. At this point, anyone can still see the 'Documents' page, but you must be in the 'mycompany-management group' in order to view either 'Executive' or 'Payroll'.
Since 'Payroll' information is considered particularly private, the 'Payroll' page then has its page restrictions set to only allow members of the 'mycompany-financial' group to view it. At this point, anyone can see the 'Documents' page, only members of 'mycompany-management' can see 'Executive', and only users who are members of both the 'mycompany-management' and 'mycompany-financial' groups can view 'Payroll'.
How to Open Part of a Space
If designing a large site implementation with this strategy, consult Page Restrictions Performance Considerations.
Often there are cases for which a section of a space should be opened to a group or set of users (for this example, we'll call them group B), but the rest of the space should not be visible to your main users (for this example, we'll call them group A). In this case:
- Add 'view' permission for both groups A and B in space permissions.
- Move the page to be opened to the root of the space. When browsing the pages in the space, your normal space home page and this page should both be at the root level.
- Add a page restriction to allow Group A and B to see this page.
- Add a page restriction to your main landing page for Group A, thereby excluding this set of pages from Group B.
You can repeat this with any page hierarchy.
- Space administrators are responsible for the management of a space and its contents. They therefore have the ability to remove all restrictions from a page (as described in 'Viewing Restricted Pages'). This means that space administrators can view and edit all content in the space.
- Users who are members of the 'confluence-administrators' group ('super-users') can view all pages regardless of the page restrictions. To be able to edit the page, you will need to remove the restriction from it first – go to 'Space Administration' > 'Restricted Pages'.
You cannot exclude yourself
As creator or editor of a page, you cannot use page restrictions to deny yourself access to the page. Confluence will automatically add your username into the list of users/groups allowed to view/edit the page. If you remove your username, Confluence will put it back again.
What would you like to do?
Take me back to the Wikis Help Guide.