How do permissions work? How is Confluence access controlled?
- Megan Storie
- Dallas De Marr (Deactivated)
- Evn Tomeny [Appfire]
- Michelle Ruoff
Overview
Permissions in Docs+ are built into every user interaction with the platform. This guide details how permissions work and the options available to your team.
Docs+ automatically respects users' Confluence permissions.
Space access can be further limited via our settings.
We have account admin and channel admin user types.
There is one intended exception to the above. When @mentioned in a page or a comment on a page that a user cannot see, they will still receive a notification for that @mention.
On this page: |
|---|
Â
Â
Connected User and Application Link
The main user is the user who initially connected your bot in Slack to your Confluence instance. This user requires admin permissions in Confluence to create a connection to the APIs.
The default permissions for all API calls we make to Confluence are automatically limited to the access of this main user and further limited based on user authorization (see below).
Some of our customers create service accounts for these users.
Â
Â
Â
User connections
The first time users interact with the app, they will be automatically required to connect their Slack account with their Confluence account to establish connectivity and permissions in Confluence.
Your password is never shared with our systems.
Every action you take in Slack (create, comment) will be attributed to your Confluence account.
Your permissions are based on your Confluence access.
Â
When you perform your first action in Slack, you will be asked to connect your account. You can also manually trigger the connection by typing /docs-plus connect.
Click the Connect Now button in Slack.
Click Allow in Confluence.
Click the button to go to the home screen in Slack.
Â
Â
Â
How permissions are applied
Learn how permissions can apply to specific scenarios using the following use cases.
Â
Â
Â
Case 1: User space access equals the main user
In this case, the main user has access to Space FIN (Finance) in Confluence, and the connected user has access to FIN (Finance) in Confluence.
Result: The connected user has access to FIN with the app.
Case 2: User space access less than the main user
In this case, the main user has access to Space FIN (Finance) in Confluence, and the connected user cannot access FIN (Finance) in Confluence.
Result: The connected user cannot access FIN with the app.
Case 3: User space access more than the main user
In this case, the main user cannot access Space FIN (Finance) in Confluence, but the connected user can access FIN (Finance) in Confluence.
Result: The connected user cannot access FIN with the app.
Why? The main user is the primary connection to Confluence, and the app's permissions are inherited from the main user as a starting point. Every other user's access is a subset of the main user's access.
Case 4: User can view but not update issues in space
In this case, the connected user has VIEW access to space FIN (Finance) in Confluence but does not have UPDATE access.
Result: Connected users can view issues in FIN but cannot update issues in FIN.
Why? Users can never perform actions in the app that are not allowed in the Confluence settings.
Â
Â
Changing the main authorized user
Switching the main authorized user can cause disruptions for your team if you already use our production platform. The disruption is based on the authorizations in Confluence for your API connection and how OAuth works to connect and authorize with the APIs. If you are making this change it might be a good time to move to a service account.
The main impact for users will be requests to re-authorize their accounts.
Â
Log in to Confluence using the account you would like to use as your main user.
Log in to your account.
Scroll down to the Docs+ Status section.
Find the Main authorized user in the section.
Click the Change link.
Click the Allow button in Confluence.
Â