How to view and bulk update add/delete restrictions?

DECember 2023 We have released an improved version of Security and Encryption for Confluence Cloud with enhanced security. Check out the next steps for administrators.

Purpose

To understand how an administrator can check for secret owners without add/delete restrictions and grant them access.

Answer

Step 1: Downloading the list of affected secret owners

choose Secret Administration
select Owner Restrictions

A list of secret owners without add/delete page restrictions is displayed.

select Generate user CSV list to download the list of secret owners

Step 2: Using the script to bulk update add/delete restrictions

This script provided below is for illustrative purposes. We recommend that any script be reviewed before executing it on your Confluence site.

Prerequisites

install Python in your environment. Download Python from the official website: Download Python 3
install the 'requests' Python library

Use the script below to add users and groups from the CSV file downloaded in Step 1.

import csv
import requests
import json
import base64
# Replace with your Confluence Cloud domain, email, API token, and CSV file
CONFLUENCE_DOMAIN = '<instance-name>.atlassian.net'
EMAIL = '<EMAIL_ADDRESS>'
API_TOKEN = '<API_TOKEN>'
CSV_FILE = '<CSV_FILE>'
AUTH_STRING = EMAIL + ':' + API_TOKEN
BASIC_AUTH_TOKEN = base64.b64encode(AUTH_STRING.encode("ascii")).decode("ascii")
headers = {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': f'Basic {BASIC_AUTH_TOKEN}'
}
MAX_RETRY = 5
def update_space_permissions(permission, owner_type, owner_id, space_key, retries = 0):
    if retries >= MAX_RETRY:
        print(f'Reached maximum recursion depth. Exiting recursive calls.')
        return
    url = f'https://{CONFLUENCE_DOMAIN}/wiki/rest/api/space/{space_key}/permission'
    data = {
        'operation': {
            'key': permission,
            'target': 'space'
        },
        'subject': {
            'type': owner_type,
            'identifier': owner_id
        }
    }
    response = requests.post(url, headers=headers, json=data)
    if response.status_code == 200:
        print(f'Updated permissions for {owner_id}: {permission} in space {space_key}')
    else:
        print(f'Failed to update permissions for {owner_id}: {permission} in space {space_key}. Error: {response.text}')
        if 'read space' in response.text:
            update_space_permissions('read', owner_type, owner_id, space_key, retries + 1)
            update_space_permissions(permission, owner_type, owner_id, space_key, retries + 1)
def main():
    with open(CSV_FILE, newline='') as csvfile:
        reader = csv.DictReader(csvfile)
        for row in reader:
            owner = row['Owner']
            owner_type = row['Type'].lower()
            owner_id = row['OwnerId']
            space_key = row['SpaceKey']
            update_space_permissions('restrict_content', owner_type, owner_id, space_key)
if __name__ == '__main__':
    main()

Step 3: Configuring the script

Replace

<instance-name>.atlassian.net with your Confluence domain
<EMAIL_ADDRESS> with the email associated with your Confluence domain

Obtain an API token by following these steps:

In Confluence

choose on your account icon > Manage Account
from the top menu, select Security > Create and manage API tokens
generate a new API token by clicking Create API token
in the script, replace <API_TOKEN> with the generated token
replace <CSV_FILE> with the name of the CSV file you want to use

Step 4: Running the script

To update permissions for users and groups, follow these steps:

open a terminal or command prompt
navigate to the directory where the script is located
run the command python bulk_update_permissions.py