Page Comparison

Description

Securing a macro with Macro Security for Confluence is helpful for particular, often more powerful macros.
When Macro Security is desired for a particular macro, a set of secured usage configurations (see options below) can be uniquely defined for that macro.
See the table below for a list of macros from Bob Swift Atlassian apps that implement Macro Security, along with additional details about what is specifically enabled for each macro.
For other macros (not outlined below) where Macro Security is also desired, developers may enable their own macros to participate. See Macro Security to Control User Macros for more details.

Panel

bgColor	#efefef

On This Page:

Table of Contents

maxLevel	3

HTML Comment

hidden	true

This page is referenced from the app's Get Started dialog

Usage

The basis of Macro Security is to prevent certain “restricted” macros from being deployed or edited within Confluence pages by unauthorized users, unless the edit restrictions defined for the page match the security restrictions defined for the macro OR the macro has been configured for and is being used in a space referenced by Macro Security for Trusted Spaces.
In some cases, you may opt to secure only specific macro parameters rather than the entire macro.
Once a macro (or a macro parameter) has been configured for restricted use, you need to review any existing Confluence page that uses the macro to ensure its page restrictions match that macro's newly configured security restrictions.
For enabled macros that are marked as Use Restriction below, a security configuration entry is required for the macro before it works on any installation where Macro Security enabled.

Legend

Column	Description	Example Configuration
Use Restriction	means macro can only be used by authorized users	`sql = confluence-administrators`
Parameter Restriction	means that one or more parameters can be restricted in total or by value if the parameter indicates this specifically	`sql.datasource.* = confluence-administrators` `sql.datasource.testDS = *ANY`
Controlled Parameters	List of those parameters that can be restricted or restricted by value

Enabled Macros

Please note that both the parameter names and values are case-sensitive!

Table plus

sortColumn	1
columnTypes	S,S,E,E

Macro	App	Controlled Parameters	Unrestricted Configuration
sql	SQL	datasource (by value) limit disableAntiXss querytimeout	`sql = ANY` `sql.datasource. = ANY` `sql.limit = ANY` `sql.disableAntiXss = ANY` `sql.querytimeout = ANY`
sql-query	SQL	datasource (by value) limit disableAntiXss querytimeout	`sql-query = ANY` `sql-query.datasource. = ANY` `sql-query.limit = ANY` `sql-query.disableAntiXss = ANY` `sql-query.querytimeout = ANY`
sql-file	SQL	datasource (by value) file (by value) limit disableAntiXss querytimeout	`sql-file = ANY` `sql-file.file. = ANY` `sql-file.datasource. = ANY` `sql-file.limit = ANY` `sql-file.disableAntiXss = ANY` `sql-file.querytimeout = ANY`
beanshell	SCRP		`beanshell = *ANY`
groovy	SCRP		`groovy = *ANY`
gant	SCRP		`gant = *ANY`
jython	SCRP		`jython = *ANY`
javascript	SCRP		`javascript = *ANY`
html	HTML	html.allowJavascript	`html = ANY` `html.allowJavascript = ANY`
xslt	HTML	disableSecureProcessing	`xslt = ANY` `xslt.disableSecureProcessing = ANY`
cli	CCLI	profile (by value) product (by value) directory (by value) datasource (by value)	`cli = ANY` `cli.profile. = ANY` `cli.product. = ANY` `cli.directory. = ANY` `cli.datasource. = *ANY`
include-remote	CCLI	profile (by value)	`include-remote = ANY` `include-remote.profile. = *ANY`
cache	CACHE		`cache = *ANY`
future	CACHE	timeout (if higher than default)	`future = ANY` `future.timeout = ANY`
run	RUN	disableAntiXss parameterinput (by value)	`run = ANY` `run.disableAntiXss = ANY` run.parameterinput.* = *ANY
run-now	RUN	disableAntiXss parameterinput (by value)	`run-now = ANY` `run-now.disableAntiXss = ANY` run-now.parameterinput.* = *ANY
csv	TBL	url disableAntiXss url is allowed if macro security is not installed or disabled.	`csv.url = ANY` `csv.disableAntiXss = ANY`
json-table	TBL	url disableAntiXss url is allowed if macro security is not installed or disabled.	`json-table.url = ANY` `json-table.disableAntiXss = ANY`
excel	XL	url disableAntiXss url is allowed if macro security is not installed or disabled.	`excel.url = ANY` `excel.disableAntiXss = ANY`
flash	FLASH	url url is allowed if macro security is not installed or disabled.	`flash.url = *ANY`
markdown	MARKDOWN	allowHtml markdown.allowJavaScript	`markdown.allowHtml = ANY` `markdown.allowJavaScript = ANY`
markdown-attachment	MARKDOWN	allowHtml markdown-attachment.allowJavaScript	`markdown-attachment.allowHtml = ANY` `markdown-attachment.allowJavaScript = ANY`
markdown-url	MARKDOWN	allowHtml profile (by value) markdown-url.allowJavaScript	`markdown-url.allowHtml = ANY` markdown-url.profile.=ANY `markdown-url.allowJavaScript = ANY`
code-pro	CODE	url profile (by value) url is allowed if macro security is not installed or disabled.	`code-pro.url = ANY` `code-pro.profile. = *ANY`

Examples

The Example Configurations page provides sample app configurations you can download and import to use as the starting point for your Macro Security configuration.

Configuration Tips

Include Page

	_ConfigurationTips
	_ConfigurationTips

See Key Concepts to learn about Macro Security in general and to review several example syntaxes.

Info

title	Cloud

Macro security is not available on Cloud (OnDemand). Behavior of macros for Cloud is the same as if Macro Security was not installed.

Versions Compared

Old Version 5

New Version Current

Key