Description

  • Securing a macro with Macro Security for Confluence is helpful for particular, often more powerful macros.
  • When Macro Security is desired for a particular macro, a set of secured usage configurations (see options below) can be uniquely defined for that macro.
  • See the table below for a list of macros from Bob Swift Atlassian apps that implement Macro Security, along with additional details about what is specifically enabled for each macro. 
  • For other macros (not outlined below) where Macro Security is also desired, developers may enable their own macros to participate. See Macro Security to Control User Macros for more details.


Usage

  • The basis of Macro Security is to prevent certain “restricted” macros from being deployed or edited within Confluence pages by unauthorized users, unless the edit restrictions defined for the page match the security restrictions defined for the macro OR the macro has been configured for and is being used in a space referenced by Macro Security for Trusted Spaces.

  • In some cases, you may opt to secure only specific macro parameters rather than the entire macro.
  • Once a macro (or a macro parameter) has been configured for restricted use, you need to review any existing Confluence page that uses the macro to ensure its page restrictions match that macro's newly configured security restrictions.
  • For enabled macros that are marked as Use Restriction below, a security configuration entry is required for the macro before it works on any installation where Macro Security is enabled.

Legend 

Column | Description | Example Configuration

Use Restriction | (tick) means macro can only be used by authorized users

sql = confluence-administrators

Parameter Restriction | (tick) means that one or more parameters can be restricted in total or by value if the parameter indicates this specifically

sql.datasource.* = confluence-administrators
sql.datasource.testDS = *ANY

Controlled Parameters | List of those parameters that can be restricted or restricted by value

Enabled Macros

(warning) Please note that both the parameter names and values are case-sensitive!


Macro | App | Use Restriction | Parameter Restriction | Controlled Parameters | Unrestricted Configuration

sql | SQL | (tick) | (tick)
  • datasource (by value)
  • limit
  • disableAntiXss
  • querytimeout


sql = *ANY

sql.datasource.* = *ANY

sql.limit = *ANY

sql.disableAntiXss = *ANY

sql.querytimeout = *ANY

sql-query | SQL | (tick) | (tick)
  • datasource (by value) 
  • limit
  • disableAntiXss
  • querytimeout

sql-query = *ANY

sql-query.datasource.* = *ANY

sql-query.limit = *ANY

sql-query.disableAntiXss = *ANY

sql-query.querytimeout = *ANY

sql-file | SQL | (tick) | (tick)
  • datasource (by value)
  • file (by value)
  • limit
  • disableAntiXss
  • querytimeout

sql-file = *ANY

sql-file.file.* = *ANY

sql-file.datasource.* = *ANY

sql-file.limit = *ANY

sql-file.disableAntiXss = *ANY

sql-file.querytimeout = *ANY

beanshell | SCRP | (tick)

beanshell = *ANY

groovy | SCRP | (tick)

groovy = *ANY

gant | SCRP | (tick)

gant = *ANY

jython | SCRP | (tick)

jython = *ANY

javascript | SCRP | (tick)

javascript = *ANY

html | HTML | (tick) | (tick)
  • html
  • url
  • allowJavascript
  • profile (by value)
(info) URLs are allowed if Macro Security is not installed or is disabled.


html = *ANY

html.allowJavascript = *ANY

html.url = *ANY

html.profile.* = *ANY

html-bobswift | HTML | (tick) | (tick)
(info) Since HTML for Confluence 5.7.0 version
  • html-bobswift
  • url
  • allowJavascript
  • profile (by value)
(info) URLs are allowed if Macro Security is not installed or is disabled.


html-bobswift = *ANY

html-bobswift.allowJavascript = *ANY

html-bobswift.url = *ANY

html-bobswift.profile.* = *ANY

xslt | HTML | (tick)
  • disableSecureProcessing

xslt = *ANY

xslt.disableSecureProcessing = *ANY

cli | CCLI | (tick) | (tick)
  • profile (by value)
  • product (by value)
  • directory (by value)
  • datasource (by value)

cli = *ANY

cli.profile.* = *ANY

cli.product.* = *ANY

cli.directory.* = *ANY

cli.datasource.* = *ANY

include-remote | CCLI | (tick) | (tick)
  • profile (by value)

include-remote = *ANY

include-remote.profile.* = *ANY

cache | CACHE | (tick)

cache = *ANY

future | CACHE | (tick) | (tick)
  • timeout (if higher than default)

future = *ANY

future.timeout = *ANY

run | RUN | (tick) | (tick)
  • disableAntiXss
  • parameterinput (by value)

run = *ANY

run.disableAntiXss = *ANY

run.parameterinput.* = *ANY

run-now | RUN | (tick) | (tick)
  • disableAntiXss
  • parameterinput  (by value)

run-now = *ANY

run-now.disableAntiXss = *ANY

run-now.parameterinput.* = *ANY

csv | TBL | | (tick)
  • url
  • disableAntiXss
(info) URLs are allowed if Macro Security is not installed or is disabled.


csv.url = *ANY

csv.disableAntiXss = *ANY

json-table | TBL | | (tick)
  • url
  • disableAntiXss
(info) URLs are allowed if Macro Security is not installed or is disabled.


json-table.url = *ANY

json-table.disableAntiXss = *ANY

excel | XL | | (tick)
  • url
  • disableAntiXss
(info) URLs are allowed if Macro Security is not installed or is disabled.


excel.url = *ANY

excel.disableAntiXss = *ANY

flash | FLASH | | (tick)
  • url
(info) URLs are allowed if Macro Security is not installed or is disabled.


flash.url = *ANY

markdown | MARKDOWN | | (tick)
  • allowHtml
  • markdown.allowJavaScript

markdown.allowHtml = *ANY

markdown.allowJavaScript = *ANY

markdown-attachment | MARKDOWN | | (tick)
  • allowHtml
  • markdown-attachment.allowJavaScript

markdown-attachment.allowHtml = *ANY

markdown-attachment.allowJavaScript = *ANY

markdown-url | MARKDOWN | | (tick)
  • allowHtml
  • profile (by value)
  • markdown-url.allowJavaScript

markdown-url.allowHtml = *ANY

markdown-url.profile.*=*ANY

markdown-url.allowJavaScript = *ANY

code-pro | CODE | | (tick)
  • url
  • profile (by value)
(info) URLs are allowed if Macro Security is not installed or is disabled.


code-pro.url = *ANY

code-pro.profile.* = *ANY


Examples

The Example Configurations page provides sample app configurations you can download and import to use as the starting point for your Macro Security configuration.

Configuration Tips


See Key Concepts to learn about Macro Security in general and to review several example syntaxes.



(info) Cloud: Macro Security is not available on Cloud (OnDemand). Behavior of macros for Cloud is the same as if Macro Security was not installed.