How to view and bulk update add/delete restrictions?
December 2023: We have released an improved version of Security and Encryption for Confluence Cloud with enhanced security. Check out the next steps for administrators.
Purpose
To understand how an administrator can check for secret owners without add/delete restrictions and grant them access.
Answer
Step 1: Downloading the list of affected secret owners
choose Secret Administration
select Owner Restrictions
A list of secret owners without add/delete page restrictions is displayed.
select Generate user CSV list to download the list of secret owners
Step 2: Using the script to bulk update add/delete restrictions
The script provided below is for illustrative purposes. We recommend that any script be reviewed before executing it on your Confluence site.
Prerequisites
install Python 3 in your environment (download it from the official Python website)
install the 'requests' Python library
Use the script below to add users and groups from the CSV file downloaded in Step 1.
import base64
import csv

import requests

# Replace with your Confluence Cloud domain, email, API token, and CSV file
CONFLUENCE_DOMAIN = '<instance-name>.atlassian.net'
EMAIL = '<EMAIL_ADDRESS>'
API_TOKEN = '<API_TOKEN>'
CSV_FILE = '<CSV_FILE>'

# Build the HTTP Basic authentication header from the email and API token
AUTH_STRING = EMAIL + ':' + API_TOKEN
BASIC_AUTH_TOKEN = base64.b64encode(AUTH_STRING.encode("ascii")).decode("ascii")

headers = {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': f'Basic {BASIC_AUTH_TOKEN}'
}

MAX_RETRY = 5


def update_space_permissions(permission, owner_type, owner_id, space_key, retries=0):
    # Stop once the retry budget is used up so a persistent failure cannot loop forever
    if retries >= MAX_RETRY:
        print('Reached maximum recursion depth. Exiting recursive calls.')
        return

    url = f'https://{CONFLUENCE_DOMAIN}/wiki/rest/api/space/{space_key}/permission'
    data = {
        'operation': {
            'key': permission,
            'target': 'space'
        },
        'subject': {
            'type': owner_type,
            'identifier': owner_id
        }
    }

    # A timeout keeps the script from hanging on an unresponsive connection
    response = requests.post(url, headers=headers, json=data, timeout=30)

    if response.status_code == 200:
        print(f'Updated permissions for {owner_id}: {permission} in space {space_key}')
    else:
        print(f'Failed to update permissions for {owner_id}: {permission} in space {space_key}. Error: {response.text}')
        # The permission cannot be granted before the subject can read the space:
        # grant 'read' first, then retry the original permission
        if 'read space' in response.text:
            update_space_permissions('read', owner_type, owner_id, space_key, retries + 1)
            update_space_permissions(permission, owner_type, owner_id, space_key, retries + 1)


def main():
    # Each CSV row from Step 1 describes one secret owner and the space concerned
    with open(CSV_FILE, newline='') as csvfile:
        reader = csv.DictReader(csvfile)
        for row in reader:
            owner = row['Owner']  # display name, not sent to the API
            owner_type = row['Type'].lower()
            owner_id = row['OwnerId']
            space_key = row['SpaceKey']
            update_space_permissions('restrict_content', owner_type, owner_id, space_key)


if __name__ == '__main__':
    main()
Step 3: Configuring the script
replace <instance-name>.atlassian.net with your Confluence domain
replace <EMAIL_ADDRESS> with the email associated with your Confluence domain
Obtain an API token by following these steps:
In Confluence
choose your account icon > Manage Account
from the top menu, select Security > Create and manage API tokens
generate a new API token by clicking Create API token
in the script, replace <API_TOKEN> with the generated token
replace <CSV_FILE> with the name of the CSV file you want to use
The CSV file should be located in the same directory as this script. Example: permissions.csv
Step 4: Running the script
To update permissions for users and groups, follow these steps:
open a terminal or command prompt
navigate to the directory where the script is located
run the command
python bulk_update_permissions.py
The script will start updating the permissions based on the CSV file that was downloaded from the Owner Restrictions tab.
Review the script and CSV file before running the script to verify the permissions being modified.
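One way to carry out the review recommended above without contacting the Confluence site is a dry run over the CSV. The block below is an added example, not part of the vendor's script: it reads the same four columns the script uses, lists the grants that would be made, and flags rows that need a closer look. The function names, the set of allowed subject types and the sample data are assumptions of this example.

```python
import csv
import io
from collections import Counter

REQUIRED_COLUMNS = {'Owner', 'Type', 'OwnerId', 'SpaceKey'}  # columns the script above reads
ALLOWED_TYPES = {'user', 'group'}  # assumption: the only subject types expected in the export

def review_rows(csvfile):
    """Return (planned, problems) for a CSV file object without calling the API."""
    reader = csv.DictReader(csvfile)
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        return [], [f'missing columns: {sorted(missing)}']
    planned, problems, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        owner_type = (row['Type'] or '').strip().lower()
        owner_id = (row['OwnerId'] or '').strip()
        space_key = (row['SpaceKey'] or '').strip()
        if owner_type not in ALLOWED_TYPES:
            problems.append(f'line {line_no}: unexpected type {row["Type"]!r}')
        elif not owner_id or not space_key:
            problems.append(f'line {line_no}: empty OwnerId or SpaceKey')
        elif (owner_type, owner_id, space_key) in seen:
            problems.append(f'line {line_no}: duplicate of an earlier row')
        else:
            seen.add((owner_type, owner_id, space_key))
            planned.append((owner_type, owner_id, space_key, row['Owner']))
    return planned, problems

def summarize(planned):
    """Count planned grants per space so unexpected spaces stand out."""
    return Counter(space_key for _, _, space_key, _ in planned)

# Constructed sample data, not a real export
SAMPLE_CSV = """Owner,Type,OwnerId,SpaceKey
Alice Example,User,acc-0001,ENG
eng-admins,Group,grp-0002,ENG
Bob Example,User,,OPS
Alice Example,User,acc-0001,ENG
svc,App,acc-0003,OPS
"""

if __name__ == '__main__':
    planned, problems = review_rows(io.StringIO(SAMPLE_CSV))
    for owner_type, owner_id, space_key, owner in planned:
        print(f'would grant restrict_content to {owner_type} {owner} ({owner_id}) in {space_key}')
    for problem in problems:
        print('REVIEW:', problem)
    print(dict(summarize(planned)))
```

To check a real export, pass `open('permissions.csv', newline='')` to `review_rows` instead of the sample string.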