Support for Confluence 2.10 has ended.
Please check the latest version of the documentation.
This page is out of date and is left here for reference purposes only. Please read the Security Overview and Global Permissions Overview for up-to-date information.
Users and Groups
Users are individuals who sign on to Confluence. Most of the time a user represents a human being, but you could also register accounts for programmatic agents accessing the site. For example, a robot sitting in a chat-room and relaying the logs to a Confluence page via the SOAP API might have its own user account.
New users can be created by a site administrator through the "Manage Users" option in the Administration pages, or they can sign themselves up for an account using the signup form. If you do not want users signing up for their own accounts, you can disable the signup form in the "General Configuration" section of the Administration pages: change "Allow Public Signup" to "OFF".
Users can be grouped together into groups for more convenient administration. You can create new groups in the "Manage Groups" section of the Administration pages, and assign users to groups through the "Manage Users" section. Once you have assigned a user to a group, anything the group is permitted to do, the user is also permitted to do.
The "Anonymous" user
The "Anonymous" user isn't really a user, although it shows up on the permission management pages. "Anonymous" represents not only all the users in the system, but also anyone who has not logged in at all. (We call these people "Anonymous users", since they haven't identified themselves.)
For more information about setting up anonymous access in Confluence, see Setting up Anonymous Access.
Two Special Groups: confluence-administrators and confluence-users
confluence-administrators is the super-user group. Any user in this group automatically has permission to do anything in the site, regardless of the setting of any other privileges. Users in the confluence-administrators group are also listed as being available to help on the "Contact Administrators" page that is linked throughout the site.
confluence-users is the default group. All new users are added to this group, so whatever permissions you assign to this group will be the default access for newly signed-up users.
Deleting and Deactivating Users
Confluence will only allow you to delete a user entirely if the user is not responsible for any content within the site. If a user has edited a page or blog post, or left a comment, Confluence will need to keep the user around in the system to maintain its knowledge of who wrote what. You can, however, deactivate a user so they can no longer log in to Confluence.
Deleting and deactivating users can be done in the "Manage Users" section of the Administration pages.
Permissions
What a user is allowed to do in Confluence is determined by the permissions they have assigned to them. Managing the users of a Confluence installation consists of giving the right users the right permissions.
Traditionally, security is determined by the Principle of Least Privilege: you give each person the minimum amount of permissions that allow them to do their job. Unless someone can demonstrate a specific need to see or change some data, they are not given the authority to do so.
For Confluence this is entirely the wrong approach.
Confluence is a tool for communication and collaboration. You get the most value out of Confluence the more people you have participating in its discussions and editing its pages. Because Confluence keeps histories of all changes, it is very easy to see who has changed what, and reverse any edits that should not have been made. In short, you should design the security of a Confluence installation in accordance with the principle of Most Privilege. Give people the ability to do anything that you can't think of a good reason to restrict them from doing.
There are three levels of permissions in Confluence: Global Permissions, Space Permissions and Page Restrictions.
Global Permissions
Global Permissions are granted in the "Global Permissions" section of the Administration screens. In order to assign these permissions, a user must already have the global "Administrate Confluence" permission. Confluence will do its best to make sure you never end up in a situation where the site no longer has any more administrators.
- Use Confluence: The most basic permission. Without this, a user is not able to access the site at all, regardless of what other permissions they may have. In the case of a limited-user license, the number of licensed users is calculated as the number of users who have this permission. (If the "Anyone" user has this permission, then the number of licensed users will always be equal to the number of registered users)
- Create Space: Users with this permission can create new spaces within a Confluence site. When a space is created, the creator automatically has the "Administer Space" permission for that space.
- Administer Confluence: Users with this permission have access to the site administration pages, can change the site configuration, perform backups and imports, and create and modify user details. Note that this isn't quite the same as the super-user privilege of being in the confluence-administrators group, but since any Administrator has the power to add themselves to that group, the distinction is only a technical one.
Space Permissions
Every space has its own, independent set of permissions. Space Permissions are granted in the "Permissions" section of each Space Information page. In order to assign these permissions, a user must have the "Administrate Space" permission for that space. If you misconfigure a space so that nobody has access to administer it any more, you will need to have someone in the confluence-administrators group fix the permissions for you.
- View: user can view this space's content.
- Pages: user can view the space's details, and its pages and blog posts.
  - Create - user may create and edit pages in this space.
  - Export - user may export pages in this space.
  - Restrict - user may apply page level permissions.
  - Remove - user may remove pages in this space.
- Blog Posts:
  - Create - user may post blogs in this space.
  - Delete - user may remove blogs in this space.
- Comments:
  - Create - user may make comments in this space.
  - Delete - user may remove comments from this space.
- Attachments:
  - Create - user may add attachments in this space.
  - Delete - user may remove attachments from this space.
- Space:
  - Export - user may export content from this space.
  - Administer - user has administrative permissions over this space.
- Mail: User may delete individual mail items.
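The rules described above (group inheritance, the confluence-administrators override, the "Use Confluence" gate and per-space grants) can be reviewed mechanically. The following is an added example, not Atlassian's code: it evaluates a constructed permission snapshot and reports effective super-users, spaces nobody can administer, and grants to "Anonymous". The dictionary layout, user names and function names are assumptions of the example, as is the choice to evaluate the super-user group before "Use Confluence".

```python
SUPER_GROUP = "confluence-administrators"
# Constructed sample data; layout is an assumption, not a Confluence export format.
SNAPSHOT = {
    "groups": {
        SUPER_GROUP: {"alice"},
        "confluence-users": {"alice", "bob", "carol", "dave"},
        "ops": {"carol"},
    },
    "global": {  # permission -> users/groups that hold it
        "Use Confluence": {"confluence-users"},
        "Administer Confluence": {"ops"},
    },
    "spaces": {
        "DOCS": {"View": {"Anonymous", "confluence-users"}, "Administer": {"bob"}},
        "OLD": {"View": {"confluence-users"}, "Administer": set()},
    },
    "deactivated": {"dave"},
}

def holds(snap, user, holders):
    """True if a grant names the user, one of their groups, or Anonymous."""
    groups = {g for g, members in snap["groups"].items() if user in members}
    return bool(({user, "Anonymous"} | groups) & holders)

def is_super_user(snap, user):
    """Member of the super-user group, or able to join it as a site admin."""
    if user in snap["deactivated"]:
        return False
    return (user in snap["groups"][SUPER_GROUP]
            or holds(snap, user, snap["global"]["Administer Confluence"]))

def can(snap, user, space, perm):
    if user in snap["deactivated"]:
        return False  # deactivated accounts cannot log in
    if user in snap["groups"][SUPER_GROUP]:
        return True   # assumption: this override is evaluated first
    if not holds(snap, user, snap["global"]["Use Confluence"]):
        return False  # no site access without "Use Confluence"
    return holds(snap, user, snap["spaces"][space].get(perm, set()))

def audit(snap):
    users = set().union(*snap["groups"].values())
    spaces = snap["spaces"]
    return {
        "effective_super_users": sorted(u for u in users if is_super_user(snap, u)),
        "spaces_without_admin": sorted(s for s, p in spaces.items() if not p.get("Administer")),
        "anonymous_grants": sorted((s, k) for s, p in spaces.items()
                                   for k, h in p.items() if "Anonymous" in h),
    }
```

In the sample, `carol` is reported as an effective super-user because her group holds "Administer Confluence", even though `can()` does not yet let her administer the `OLD` space.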
Page Restrictions
Page Restrictions, introduced in Confluence 1.4, allow you to restrict view and edit actions on pages. For complete details, see Page Restrictions.
To understand how Space Permissions and Page Restrictions affect each other, please see Security Overview.