Restricting drafts to specific users using the add-restriction macro
Overview
The restrictions macros in a workflow trigger do not give users permissions, but rather limit who has those permissions.
These examples summarise the macros you can use to change page restrictions.
These macros are used as part of a workflow trigger to set the content permission for the specified users and change the capability of these listed users.
the Confluence user(s) or a user who is a member of a Confluence group listed in the macro has the type of permission (
view
, oredit)
specified in the macroother users who are not listed in the macro have their permission for the content restricted
For example, if everyone has edit/view permissions for the space. the workflow trigger is used with the add-restriction macro to add edit restrictions to a page that are limited to user A and user B, named in the macro. Only users A and B can edit the page, everyone else can only view the page.
Restricting drafts to specific users
If you need to add view page restrictions when a page is created (and a label is added for a label-based space workflow) and manage changes in the users who can view or edit the content as you cycle through the workflow you can use the add-restriction and remove-restriction macros.
You can use the macros in several workflow triggers to manage user permission when the content is in the draft state, in our example the In Progress state
when the page is created - add view restriction
when the page Published - remove view restrictions
when the content state goes back to the draft In Progress state- add edit restriction and add view restriction
{workflow:name=Simple approval workflow View restrictions}
{description}
Group reviewers can Edit the page.
Once the page is Published, everybody can View the page.
Once the page transitions to In Progress, only members of the Confluence user group reviewers can View the Published page, reviewers can view and edit the draft In Progress content
{description}
{state:In Progress|submit=Published}
{state}
{state:Published|final=true|updated=In Progress|hideselection=true}
{state}
{trigger:pagecreated}
{add-restriction:type=View|group=reviewers}
{trigger}
{trigger:statechanged|state=In Progress}
{add-restriction:type=View|group=reviewers}
{add-restriction:type=Edit|group=reviewers}
{trigger}
{trigger:statechanged|state=Published}
{remove-restriction:type=View}
{trigger}
{workflow}
When the content is created, and the workflow is added as an active space workflow the content has page restrictions added.
The view and edit permission for the content is limited to the Confluence group reviewers.
Confluence users (Everyone) with permission for the content cannot now view or edit the content.
Remember that a user with administrator permission can still view and edit the content.
When the content transitions to the Published state the view restriction is removed using the remove-restriction macro for view permission.
{trigger:statechanged|state=Published}
{remove-restriction:type=View}
{trigger}
There is no change in the added permission restriction for the edit permission.
If the content returns to the draft In Progress state the limit on the view permission is added again.
If it is a content label filter workflow, an additional trigger is required to add the view restriction if the workflow filter label is added to the content.
{trigger:labeladded|label=restricttoreviewers}
{add-restriction:type=View|group=reviewers}
{trigger}
You also want to add a labelremoved trigger to remove the limit on the page-level restrictions on removal of the specified label from the content.