Logging Level to Capture confluence-administrator Group Changes in Confluence Admin

Diagnosis

  1. A need arises to have users with "System Administrator" permissions in Confluence who are not in the confluence-administrators group (super users). This is usually due to requirements to enforce restrictions on pages/spaces.
  2. The confluence-administrators group permissions allow access to any restricted space or page. The problem is that Confluence users with System Administrator permissions can add users to and remove users from the confluence-administrators group.
  3. This allows users with "System Administrator" permissions to potentially grant access to sensitive/restricted spaces and pages within Confluence. They could then remove users from the confluence-administrators group to cover their tracks.
  4. Default logging levels do not log the adding of users to groups or their removal from groups.

Solution

  1. Edit <install-dir>/confluence/WEB-INF/classes/log4j.properties
  2. Search for 'Embedded Crowd logging'
  3. Change this line to DEBUG level logging (the default is INFO):
     log4j.logger.com.atlassian.confluence.user.crowd=DEBUG

  • Monitor the <confluence.home>/logs/atlassian-confluence.log for lines similar to these using a cron job or similar:
2012-02-23 16:02:58,778 DEBUG [http-5090-2] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ ryan ] and group [ system-administrators ]
2012-02-23 16:02:58,783 DEBUG [http-5090-2] [confluence.user.crowd.CachedCrowdMembershipDao] addUserToGroup adding user [ ryan ] to group [ confluence-administrators ]

Note: No logging is apparent at this level when removing a user from the confluence-administrators group.
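
One way to implement the monitoring step above as a script run from cron (an added example, not Atlassian's code). It reports additions only, since removals are not logged at this level. Assumptions: the log lines keep the exact format shown above, and the offset state file is this example's own mechanism for not re-reporting old entries.

```python
import os
import re
import sys

# Format of the DEBUG line shown above (CachedCrowdMembershipDao addUserToGroup).
ADD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) DEBUG .*"
    r"CachedCrowdMembershipDao\] addUserToGroup adding user "
    r"\[ (?P<user>.+?) \] to group \[ (?P<group>.+?) \]"
)
WATCHED_GROUPS = {"confluence-administrators"}
PFX = "[http-5090-2] [confluence.user.crowd.CachedCrowdMembershipDao]"
SAMPLE_LINES = [  # the two log lines quoted on this page
    f"2012-02-23 16:02:58,778 DEBUG {PFX} isUserDirectMember checking direct "
    "membership for user [ ryan ] and group [ system-administrators ]",
    f"2012-02-23 16:02:58,783 DEBUG {PFX} addUserToGroup adding user [ ryan ] "
    "to group [ confluence-administrators ]",
]

def find_group_additions(lines, watched=WATCHED_GROUPS):
    """Return (timestamp, user, group) for each addition to a watched group."""
    hits = []
    for line in lines:
        m = ADD_RE.match(line.strip())
        if m and m.group("group") in watched:
            hits.append((m.group("ts"), m.group("user"), m.group("group")))
    return hits

def scan_new_entries(log_path, state_path):
    """Scan only what was appended since the last run (state_path holds the offset)."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as fh:
            offset = int(fh.read().strip() or 0)
    if offset > os.path.getsize(log_path):  # log rotated or truncated: start over
        offset = 0
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    complete = data[: data.rfind(b"\n") + 1]  # keep a half-written last line for next run
    with open(state_path, "w") as fh:
        fh.write(str(offset + len(complete)))
    return find_group_additions(complete.decode("utf-8", "replace").splitlines())

if __name__ == "__main__":
    # With two arguments (log file, offset state file) scan the log; otherwise the sample.
    hits = (scan_new_entries(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3
            else find_group_additions(SAMPLE_LINES))
    for ts, user, group in hits:
        print(f"ALERT {ts}: user '{user}' added to group '{group}'")
```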

Last updated: February 26, 2016
