How to view and bulk update add/delete restrictions?

DECember 2023 We have released an improved version of Security and Encryption for Confluence Cloud with enhanced security. Check out the next steps for administrators.

Purpose

To understand how an administrator can check for secret owners without add/delete restrictions and grant them access.

Answer

Step 1: Downloading the list of affected secret owners

  • choose Secret Administration

  • select Owner Restrictions

A list of secret owners without add/delete page restrictions is displayed.

  • select Generate user CSV list to download the list of secret owners

Step 2: Using the script to bulk update add/delete restrictions

This script provided below is for illustrative purposes. We recommend that any script be reviewed before executing it on your Confluence site.

Prerequisites

Use the script below to add users and groups from the CSV file downloaded in Step 1.

import csv import requests import json import base64 # Replace with your Confluence Cloud domain, email, API token, and CSV file CONFLUENCE_DOMAIN = '<instance-name>.atlassian.net' EMAIL = '<EMAIL_ADDRESS>' API_TOKEN = '<API_TOKEN>' CSV_FILE = '<CSV_FILE>' AUTH_STRING = EMAIL + ':' + API_TOKEN BASIC_AUTH_TOKEN = base64.b64encode(AUTH_STRING.encode("ascii")).decode("ascii") headers = { 'Accept': 'application/json', 'Content-Type': 'application/json', 'Authorization': f'Basic {BASIC_AUTH_TOKEN}' } MAX_RETRY = 5 def update_space_permissions(permission, owner_type, owner_id, space_key, retries = 0): if retries >= MAX_RETRY: print(f'Reached maximum recursion depth. Exiting recursive calls.') return url = f'https://{CONFLUENCE_DOMAIN}/wiki/rest/api/space/{space_key}/permission' data = { 'operation': { 'key': permission, 'target': 'space' }, 'subject': { 'type': owner_type, 'identifier': owner_id } } response = requests.post(url, headers=headers, json=data) if response.status_code == 200: print(f'Updated permissions for {owner_id}: {permission} in space {space_key}') else: print(f'Failed to update permissions for {owner_id}: {permission} in space {space_key}. Error: {response.text}') if 'read space' in response.text: update_space_permissions('read', owner_type, owner_id, space_key, retries + 1) update_space_permissions(permission, owner_type, owner_id, space_key, retries + 1) def main(): with open(CSV_FILE, newline='') as csvfile: reader = csv.DictReader(csvfile) for row in reader: owner = row['Owner'] owner_type = row['Type'].lower() owner_id = row['OwnerId'] space_key = row['SpaceKey'] update_space_permissions('restrict_content', owner_type, owner_id, space_key) if __name__ == '__main__': main()

Step 3: Configuring the script

Replace

  • <instance-name>.atlassian.net with your Confluence domain

  • <EMAIL_ADDRESS> with the email associated with your Confluence domain

Obtain an API token by following these steps:

In Confluence

  • choose on your account icon > Manage Account

  • from the top menu, select Security > Create and manage API tokens

  • generate a new API token by clicking Create API token

  • in the script, replace <API_TOKEN> with the generated token

  • replace <CSV_FILE> with the name of the CSV file you want to use

The CSV file is located in the same directory as this script. Example: permissions.csv

Step 4: Running the script

To update permissions for users and groups, follow these steps:

  • open a terminal or command prompt

  • navigate to the directory where the script is located

  • run the command python bulk_update_permissions.py

The script will start updating the permissions based on the CSV file that was downloaded from the Owner Restrictions tab.

Review the script and CSV file before running the script to verify the permissions being modified.