Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

As with any security implementation, you should develop a plan for what needs to be controlled and who needs to have access. Access can be given to individual userids or groups. In many cases, confluence-administrators is likely one such group to whom you provide access. Also, review Macro Security Managed Macros to understand what elements can be controlled.

Use Cases

There are two Use Cases.use cases:

Table plus
columnStyleswidth:120px


Use CaseDescription
#1Your Confluence site does not yet have any of the macros that implement Macro Security installed and you only install them after Macro Security has been set up.
#2Your Confluence site already has installed one or more of the macros that implement Macro Security and now want to start to secure their use.


...

  1. Install the CMSP add-on.
  2. Do not enable security from the add-on's configuration page.
  3. Create and edit a macro-security.properties file that allows only the access you have planned.
    • Go to a convenient location in Confluence and add the file as an attachment. Using an attachment is convenient as it is automatically versioned by Confluence for future reference and change control.
    • The file can be named differently if needed.
    • See Example Configurations to review some sample configuration files you may wish to use as a starting point.
    • See Key Concepts to learn how the the properties file Use Restrictions and Parameter Restrictions work.
  4. Go to the add-ons configuration page and:
    1. Provide the name of the properties file you added as an attachment to a Confluence page, using the syntax of space:page^filename and then click Load to load that properties file.
    2. Select the Enable checkbox and then click Save to enable security.
  5. Install one of the add-ons that you've configured to be restricted in the properties file.
  6. Create a test page to verify that if the proper page restrictions are not added, then the page shows the appropriate error on display.
  7. Repeat steps 6-7 for each add-on that needs to be installed.

...

  1. Install the CMSP add-on.
  2. Do not enable security from the add-on's configuration page. 
  3. Create and edit a macro-security.properties file that allows all access for the macros you use – in essence, not implementing any restrictions. 
    • Go to a convenient location in Confluence and add the file as an attachment. Using an attachment is convenient as it is automatically versioned by Confluence for future reference and change control.
    • The file can be named differently if needed.
    • See Example Configurations to review some sample configuration files you may wish to use as a starting point.
    • See Key Concepts to learn how the the properties file Use Restrictions and Parameter Restrictions work.
  4. Go to the add-ons configuration page and:
    1. Provide the name of the properties file you added as an attachment to a Confluence page, using the syntax of space:page^filename and then click Load to load that properties file.
    2. Select the Enable checkbox and then click Save to enable security.
  5. Using some of your existing pages that use macros that implement Macro Security, verify they continue to work as before.
  6. Identify one of the macros you want to restrict.
  7. Find pages that use that macro.
  8. Apply "edit" page restrictions to those pages to only allow groups that are supposed to have access to the macro.
  9. Edit the macro-security.properties file to restrict that specific macro, save your changes, and upload it to the Confluence page to which you previously attached it.
  10. Re-load the properties file from the add-on's configuration page to make the configuration active.
  11. Verify pages continue to work as before.
  12. Create a test page to verify that if the proper page restrictions are not added, then the page shows the appropriate error on display.
  13. Repeat steps 7-13 for each macro you want to restrict.

Trusted Spaces

...

Approach

A new option is available that may apply in some Use Cases. See Macro Security for Trusted Spaces for more details.

Configuration Tips

...

It is a best practice to create a page for your Confluence user community that documents how you've configured Macro Security. This guides them as to the "edit" page restrictions they must add to any page that will be using a restricted macro, and what spaces you've configured to use Macro Security for Trusted Spaces.


Image Modified