Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-28946

Anonymous space permission allows non-permissioned groups to access space, when global permissions are set to prevent anonymous access

XMLWordPrintable

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      The Space Admin functionality allows a space to have 'Anonymous Access' allowed and displays the following warning:

      WARNING
      Anonymous users will not be able to view this space, because they have not been granted the global ‘Use Confluence’ permission. You can grant anonymous access to Confluence from global permissions.

      The global permissions of the Confluence environment prevents anonymous users from accessing Confluence.

      However, a user that is permissioned to Confluence but does not belong to a group that is currently permissioned to the space is now able to access the space. Examples of this behaviour have been attached.

      Removing the anonymous flag from the space will then prevent this user from being able to access the space. You can use the following query to identify spaces with Anonymous permissions enabled:

      SELECT spacename, 
       spacekey 
FROM   spaces 
WHERE  spaceid IN (SELECT spaceid 
                   FROM   spacepermissions 
                   WHERE  permgroupname IS NULL 
                          AND permusername IS NULL);

      Cheers,
      Paul

        1. adding_comment_on_space.jpeg
          adding_comment_on_space.jpeg
          365 kB
        2. global_permissions.jpeg
          global_permissions.jpeg
          326 kB
        3. profile_only_users_group.jpeg
          profile_only_users_group.jpeg
          45 kB
        4. space_permissions.jpeg
          space_permissions.jpeg
          481 kB

            [CONFSERVER-28946] Anonymous space permission allows non-permissioned groups to access space, when global permissions are set to prevent anonymous access

            Saba Taseer made changes -
            Remote Link Original: This issue links to "Page (Bulldog)" [ 388621 ]
            Saba Taseer made changes -
            Remote Link Original: This issue links to "Page (Bulldog)" [ 388127 ]
            set-jac-bot made changes -
            Fixed in Long Term Support Release/s New: [Download 7.4|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]
            Jiri Hronik made changes -
            Fix Version/s New: 7.4.10 [ 94902 ]
            Mahesh Swami made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            Mahesh Swami made changes -
            QA Demo Status New: Done [ 14331 ]
            QA Kickoff Status New: Done [ 14235 ]
            SET Analytics Bot made changes -
            UIS Original: 10 New: 11
            Mahesh Swami made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            SET Analytics Bot made changes -
            UIS Original: 7 New: 10
            Mahesh Swami made changes -
            Link Original: This issue was cloned as CONFSERVER-66177 [ CONFSERVER-66177 ]

              mswami@atlassian.com Mahesh Swami
              pgreig Paul Greig
              Affected customers:
              31 This affects my team
              Watchers:
              48 Start watching this issue

                Created:
                Updated:
                Resolved: