Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description

As with any security implementation, you should develop a plan for what needs to be controlled and who needs to have access. Access can be given to individual userids or groups. In many cases, confluence-administrators will likely be one such group to whom you will give access. Also, review Macro Security Managed Macros to understand what elements can be controlled.

Accessing the Add-on's Configuration page

From the Manage Add-ons admin page, expand the Macro Security for Confluence item and click Configure to access its configuration page.

Use Cases

There are two Use Cases.

Table plus
columnStyleswidth:120px


Use Case #1Your Confluence site does not yet have any of the macros that implement Macro Security installed and you will only install them after Macro Security has been set up.
Use Case #2Your Confluence site already has installed one or more of the macros that implement Macro Security and now want to start to secure their use.



Steps for Use Case #1

  1. Install the CMSP add-on.
  2. Do not enable security from the add-on's configuration page.
  3. Create and edit a macro-security.properties file that allows only the access you have planned.
    • Go to a convenient location in Confluence and add the file as an attachment. Using an attachment is convenient as it is automatically versioned by Confluence for future reference and change control.
    • The file can be named differently if needed.
    • See Example Configurations to review some sample configuration files you may wish to use as a starting point.
    • See Understanding How Macro Security Works to learn how the the properties file Use Restrictions and Parameter Restrictions work.
  4. Go to the add-ons configuration page and:
    1. Provide the name of the properties file you added as an attachment to a Confluence page, using the syntax of space:page^filename and then click Load to load that properties file.
    2. Select the Enable checkbox and then click Save to enable security.
  5. Install one of the add-ons that you've configured to be restricted in the properties file.
  6. Create a test page to verify that if the proper page restrictions are not added, then the page shows the appropriate error on display.
  7. Repeat steps 6-7 for each add-on that needs to be installed.

Steps for Use Case #2

Care must be taken to avoid errors on pages that no longer conform to the security requirements.

  1. Install the CMSP add-on.
  2. Do not enable security from the add-on's configuration page. 
  3. Create and edit a macro-security.properties file that allows all access for the macros you use – in essence, not implementing any restrictions. 
    • Go to a convenient location in Confluence and add the file as an attachment. Using an attachment is convenient as it is automatically versioned by Confluence for future reference and change control.
    • The file can be named differently if needed.
    • See Example Configurations to review some sample configuration files you may wish to use as a starting point.
    • See Understanding How Macro Security Works to learn how the the properties file Use Restrictions and Parameter Restrictions work.
  4. Go to the add-ons configuration page and:
    1. Provide the name of the properties file you added as an attachment to a Confluence page, using the syntax of space:page^filename and then click Load to load that properties file.
    2. Select the Enable checkbox and then click Save to enable security.
  5. Using some of your existing pages that use macros that implement Macro Security, verify they continue to work as before.
  6. Identify one of the macros you want to restrict.
  7. Find pages that use that macro.
  8. Apply "edit" page restrictions to those pages to only allow groups that are supposed to have access to the macro.
  9. Edit the macro-security.properties file to restrict that specific macro, save your changes, and upload it to the Confluence page to which you previously attached it.
  10. Re-load the properties file from the add-on's configuration page to make the configuration active.
  11. Verify pages continue to work as before.
  12. Create a test page to verify that if the proper page restrictions are not added, then the page shows the appropriate error on display.
  13. Repeat steps 7-13 for each macro you want to restrict.

Trusted Spaces approach

A new option is available that may apply in some Use Cases. See Using the Trusted Spaces Approach for more details.

Configuration Tips

Include Page
_ConfigurationTips
_ConfigurationTips

Communicating your configuration to users

It is a best practice to create a page for your Confluence user community that documents how you've configured Macro Security. This will guide them as to the "edit" page restrictions they must add to any page that will be using a restricted macro, and what spaces you've configured to use the Trusted Spaces approach for macro security.


Panel
bgColor#efefef

 On This Page:

Table of Contents
maxLevel3