When a Confluence Administrator installs and configures Macro Security, a series of of settings define how certain macros can be used. There are 2 approaches to defining those settings:

1. Trusted Users and Groups
2. Trusted Spaces, which defines the spaces in which content using those macros can reside.

Trusted Users and Groups

If the Macro Security configuration uses the Trusted Users and Groups approach, then it has identified the specific users and groups who are permitted to edit content containing those macros.

Each page or blog post that uses a restricted macro must have "edit" page restrictions in place that are consistent with what the Confluence Administrator defined in the Macro Security configuration. When Confluence renders the content, the restricted macro will see what "edit" page restrictions exist and compare them to what is expected to exist per the Macro Security configuration. 

• If there are no "edit" page restrictions, the restricted macro will render an error like the following instead of its expected output:

• If "edit" page restrictions are present and they are inconsistent with what is expected to exist per the Macro Security configuration, then the restricted macro will render an error like the following instead of its expected output:

• If "edit" page restrictions are present and they are consistent with what is expected to exist per the Macro Security configuration, then the restricted macro will render the expected output.

Note that since a Confluence page or blog post can contain multiple macros, some of which may be restricted and some of which may be unrestricted, the output of any unrestricted macro is unaffected by Macro Security. In other words, even if consistent "edit" page restrictions are not in place, any unrestricted macros should render their output as expected.

Trusted Spaces

If the Macro Security configuration uses the Trusted Spaces approach, then it has identified the space(s) in which content using those macros can reside.

Each page or blog post that uses a restricted macro must reside in a space matching what the Confluence Administrator defined in the Macro Security configuration. When Confluence renders the content, the restricted macro will see if the space in which the content resides matches what is specified in the Macro Security configuration.

The restricted macro does not check any "edit" page restrictions when the Trusted Spaces approach is used. Instead, it expects the Confluence Administrator and/or Space Administrator will ensure that the space permissions allow only trusted users and groups to edit content in that space.

• If the content resides in a space that is not referenced by the Macro Security configuration, the restricted macro will render an error instead of its expected output.
  
  
• If the content resides in a space that is referenced by the Macro Security configuration, the restricted macro will render its expected output.

Note that since a Confluence page or blog post can contain multiple macros, some of which may be restricted and some of which may be unrestricted, the output of any unrestricted macro is unaffected by Macro Security. In other words, even if the content lives in a space that is not referenced by the Macro Security configuration, any unrestricted macros should render their output as expected.

You can learn more about how Macro Security works by reading Understanding How Macro Security Works.