New roles and permissions management at Confluence

Confluence is designed to make documentation management simple, easy to locate, comfortable for new users, simple to explain... and it is, except in one aspect: managing users and their roles in each space. If you've been using this Atlassian application for a while, perhaps this image looks familiar:

That's right, every time you want to give a new role to a user so they can create pages, modify information, or add attachments, editing permissions involves this table, which we administrators usually struggle with. Well, we have good news :).

Atlassian has realized that it was possible to improve this access management for spaces, and we now have the beta version of this new functionality available in our instances:

If you have already seen this banner in your instance, it means you are ready to try the new role management. A few details to keep in mind.

• If you activate this new functionality, you will not be able to go back. So if you have any doubts, you can review the complete documentation first.

• Atlassian has created 4 default roles, and you can create up to 10 custom roles.

• If you are a new user, don't even think about it! This option is for you. If you work in a highly customized environment and the roles and permissions management is heavily configured in your organization's spaces: read this article to the end to clear up any doubts and validate if it's really right for you.

Which are the new roles?

By default, when adding a new user, we can select any of the 4 roles that Atlassian has created:

1.Admin: the space administrator. Usually the space owner or someone from the IT team.

2.Manager: the administrator of the content and the users who access it. Usually does not handle technical configurations. Project leader, team leader...

3.Collaborator: user who adds and edits content in the space. Individual contributor.

4.Viewer: user who visits pages and adds comments on the space's content.

Most of the permissions associated with these roles are inherited from the previous model. But Atlassian has added some new ones that are important to know. Previously, they were actually associated with the general site administrator, but now they are at the space administration level, which gives users greater control.

• Manage user access to the space

• Allow and manage public links

• Manage guest access to the space

• Allow anonymous access

• Delete space

• Archive space

• Edit content

• Edit blogs

• Export individual content items

🚨 Note: anyone who had administration permissions with the previous model will continue to have these permissions with the new experience. However, no one will have these new permissions automatically if they did not previously have the administrator role.

What permissions does each user have?

In the same way that we access user permissions in other Atlassian applications like Jira; in this new view (table format) we can access each user to verify what permissions they have assigned and edit them directly. In the general user list, in the 3-dot menu > manage access, it will show us all the permissions for that person.

If the person does not have an assigned role, it will appear as “custom access” and we can edit each of the permissions independently. However, if we select one of the created roles (viewer, for example), only the checks corresponding to that role will be marked automatically.

From the same user control table, we can perform simple searches and see all users, groups, and guests on a single screen.

How to create custom roles?

If none of the default roles meet your needs, you can create up to 10 custom roles. To do so, you will have to go to the general Confluence administration > Security > Space permissions > Add custom role

Keep in mind that having many roles does not make administration easier. Think it through before creating one and assess if it's really a necessary case that isn't covered by any of the other roles.

As always, Atlassian will ask you for a series of information when creating your new role:

• Name for this role

• Description: which users it applies to

• Select the specific permissions you want this new role to have

Once you have created it, it will be available to select from any of the spaces in the instance.

If, during the creation process, you select the same permissions that an existing role already has, Atlassian will notify you so you don't duplicate that role. At an administrative level, it will only make management more complex, but it will not help users use it correctly:

Global access

A new setting also appears that makes it easy to grant global access to “all Confluence users” or “all Confluence administrators”. This way, it doesn't matter which group the user exactly belongs to; they will be able to see all the content we want in that space.

Is this beta for you?

As we mentioned at the beginning, this functionality is in beta, and it's important that you analyze if it makes sense for you.

This beta is for you if:

• If you are a new customer.

• If your organizational structure is small and very specific access granularity is not necessary.

• If your current configuration is covered by the 4 default roles + 10 custom roles.

Stick with the current role management if:

• If your instance is very complex and there are many automations linked to user roles.

• If your instance has hundreds of spaces and you are not clear about what access each one has.

• If you want to assign custom roles to guest users (this is not supported for now).

As always, during this beta phase, Atlassian will listen to feedback from all users. We encourage you to give them feedback and continue improving role and permission management in Confluence.

If you have any questions or need a hand, we're here to help! Contact us :)