
Secret permission matrix


You are viewing an old version of this page.

DECEMBER 2023: We have released an improved version of Security and Encryption for Confluence Cloud with enhanced security. Check out the next steps for administrators.

Overview

This page lists the actions a user can perform on secrets and the permissions each action requires.

Permissions required for secret owner actions

A secret owner is a user who manages the secret. The table below shows the actions that can be performed by a secret owner:

| Action | User Type: Secret Owner | Space Permission: Add Pages | Space Permission: Add/Delete Restrictions | Space Permission: Space Admin | Space Permission: View All | Space Permission: Delete Pages | Notes |
|---|---|---|---|---|---|---|---|
| Decrypt secret | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | N/A |
| Edit secret | ✓ | ✓ | *✓ | *✗ | ✓ | ✗ | *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one. Editing a secret means editing the page, followed by editing the secret macro. Values of the secret that can be updated: Title, Description, Secret, Users, User Groups, User Owners, Group Owners. |
| Change secret owner | ✓ | ✓ | *✓ | *✗ | ✓ | ✗ | *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one. Changing the secret owner requires the ability to edit the secret, so similar access is required. |
| Delete secret | ✓ | ✗ | ✗ | ✗ | ✓ | ✓ | ⚠️ The check for the Delete Pages permission happens in the background; if the check fails, no error message is displayed. |
| Bulk upgrade secret | ✓ | ✓ | *✓ | *✗ | ✓ | ✗ | *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one. |

Permissions required for secret user actions

A secret user is a user who can access a secret on a page. The table below shows the actions that can be performed by a secret user:

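| Action | User Type: Secret User | Space Permission: Add Pages | Space Permission: Add/Delete Restrictions | Space Permission: Space Admin | Space Permission: View All | Space Permission: Delete Pages | Notes |
|---|---|---|---|---|---|---|---|
| Decrypt secret | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | N/A |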

Permissions required for actions by non-secret owners and non-secret users

The table below shows the actions that can be performed by non-secret users and non-secret owners:

| Action | Space Permission: Add Pages | Space Permission: Add/Delete Restrictions | Space Permission: Space Admin | Space Permission: View All | Admin Permission: Site Admin/Org Admin | Notes |
|---|---|---|---|---|---|---|
| Create secret | ✓ | *✓ | *✗ | ✓ | ✗ | *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one. You are known as a secret owner after creating and owning the secret. |
| Restore or purge deleted secrets | ✗ | ✗ | ✓ | ✓ | ✗ | N/A |
| View secret list | ✗ | ✗ | ✗ | ✓ | ✗ | N/A |
| Secret administration | ✗ | ✗ | ✓ | ✓ | ✗ | The following tabs can also be accessed: Audit Logs, Insights, Server Migration, Owner Restrictions. |
| Migrate secrets | ✗ | ✗ | ✓ | ✓ | ✓ | The site-admins or org-admins group is required to perform the CCMA migration. Space Admin permission is required to perform the “Secret Transformation” action on the Server Migration tab. |
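The three matrices above can be encoded as data and checked before an action is attempted, which matters most for Delete secret, where a failed Delete Pages check shows no error. This is an added example, not code from the app or its vendor; the grant labels and function names are hypothetical, and the requirement sets are transcribed from the tables on this page.

```python
# Added example: grant labels below are hypothetical names, not product identifiers.
# Requirement sets are transcribed from the three tables on this page.
OWNER, USER = "secret-owner", "secret-user"
ADD, RESTRICT, SPACE_ADMIN = "add-pages", "add/delete-restrictions", "space-admin"
VIEW, DELETE, SITE_ADMIN = "view-all", "delete-pages", "site-admin/org-admin"

# The "*" columns: either permission satisfies the requirement.
RESTRICT_OR_ADMIN = frozenset({RESTRICT, SPACE_ADMIN})

def _all(*clauses):
    """Normalise clauses: a bare string becomes a one-element any-of set."""
    return [frozenset({c}) if isinstance(c, str) else frozenset(c) for c in clauses]

# action -> clauses; every clause must hold, a clause holds if ANY member is granted.
REQUIREMENTS = {
    "decrypt secret": _all({OWNER, USER}, VIEW),
    "edit secret": _all(OWNER, ADD, RESTRICT_OR_ADMIN, VIEW),
    "change secret owner": _all(OWNER, ADD, RESTRICT_OR_ADMIN, VIEW),
    "delete secret": _all(OWNER, VIEW, DELETE),
    "bulk upgrade secret": _all(OWNER, ADD, RESTRICT_OR_ADMIN, VIEW),
    "create secret": _all(ADD, RESTRICT_OR_ADMIN, VIEW),
    "restore or purge deleted secrets": _all(SPACE_ADMIN, VIEW),
    "view secret list": _all(VIEW),
    "secret administration": _all(SPACE_ADMIN, VIEW),
    "migrate secrets": _all(SPACE_ADMIN, VIEW, SITE_ADMIN),
}

def missing(action, grants):
    """Return unmet clauses for `action`; an empty list means the matrix allows it."""
    held = set(grants)
    return [sorted(c) for c in REQUIREMENTS[action] if not (c & held)]

def allowed_actions(grants):
    """List every action whose clauses are all satisfied by `grants`."""
    return sorted(a for a in REQUIREMENTS if not missing(a, grants))

if __name__ == "__main__":
    # Constructed sample: an owner who can edit but lacks Delete Pages.
    owner = {OWNER, ADD, RESTRICT, VIEW}
    print(allowed_actions(owner))
    print(missing("delete secret", owner))  # preflight for the silent failure
```

Each inner list returned by `missing` is an any-of group, so a result naming both Add/Delete Restrictions and Space Admin means granting either one is enough.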
