Secret permission matrix

December 2023: We have released an improved version of Security and Encryption for Confluence Cloud with enhanced security. Check out the next steps for administrators.

Overview

This page displays the actions a user can perform with secrets and the related permission required by the user.

Permission required for secret owner action

A secret owner is a user who manages the secret. The table below shows the actions that can be performed by a secret owner:

Columns: Action | User Type: Secret Owner | Space Permission: Add Pages, Add/Delete Restrictions, Space Admin, View All, Delete Pages | Notes

Decrypt secret

 N/A

Edit secret

*

*

  • *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one.

  • Editing a secret means editing the page, followed by editing the secret macro.

- Title
- Description
- Secret
- Users
- User Groups
- User Owners
- Group Owners

Change secret owner

*

*

  • *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one.

  • Changing the secret owner requires the ability to edit the secret, so similar access is required.

Delete secret

  • The check for the Delete Pages permission happens in the background; if the permission check fails, no error message is displayed.

Bulk upgrade secret

*

*

  • *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one.

Permission required for secret user action

A secret user is a user who can access a secret on a page. The table below shows the actions that can be performed by a secret user:

Columns: Action | User Type: Secret User | Space Permission: Add Pages, Add/Delete Restrictions, Space Admin, View All, Delete Pages | Notes

Decrypt secret

 N/A

Permission required for non-secret owners and non-secret users action

The table below shows the actions that can be performed by non-secret users and non-secret owners:

Columns: Action | Space Permission: Add Pages, Add/Delete Restrictions, Space Admin, View All | Admin Permission: Site Admin/Org Admin | Notes

Create secret

*

*

  • *Add/Delete Restrictions and Space Admin permissions are interchangeable; you can provide either one.

  • After you create and own a secret, you are known as its secret owner.

Restore or purge deleted secrets

N/A

View secret list

N/A

Secret administration

- Audit Logs
- Insights
- Server Migration
- Owner Restrictions

Migrate secrets

  • The site-admins or org-admins group is required to perform the CCMA migration.

  • Space Admin permission is required to perform the “Secret Transformation” action on the Server Migration tab.

Other installed Confluence app user permissions

Installing other Confluence add-ons or apps may introduce new users to the instance, and these apps may unintentionally gain access to the sensitive information contained in your Secrets.

To prevent this, an administrator needs to compare the Secrets permission matrix above with the permissions of the other apps' users.

Find further details here.