• Set less specific values first, then more specific.
  • Use generics to set parameter values if necessary. Example: sql.datasource.* = confluence-administrators.
  • Use *ANY to not restrict a specific setting. Example: run = *ANY.
  • Set a value for every macro that can be controlled (for instance, a value of *ANY). Lack of a value normally means it is not authorized.
  • If a page containing a restricted macro will be viewed or updated by a user using remote REST APIs, including an account used for automation purposes, that Macro Security configuration must give that user authorization to use that restricted macro.