-
Suggestion
-
Resolution: Unresolved
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
For large confluence installation it is important to have RemoteAPI access to Confluence, but at the same time, it is not desirable to give the remote access to everyone and everywhere. For this reason a new permission that would control access to the remote API is needed.
It is unimaginable to have Confluence admins of big instances decide who should get the remote api access and for which space. Such a decision should be delegated to the space admins, which are the content owners for the given space and can make a qualified decision about the access via the RemoteAPI for their space.
For this reason a new space permission is needed. This space permission would be controlled as any other permission via the Space Admin -> Permissions view.
A patch with this functionality was developed against Confluence 2.x and the patch provided is rebased for 2.10.2. Patch was written in a minimalistic way in order to introduce minimal performance penalty and make it easy to port it between different confluence versions.
In our case we wanted to restrict access to global remote api calls only to confluence admins as well, so we created a patch for that too (attached as remote-api-admin-authorization.patch). It would be nice if this patch was rewritten so that an individual global permission to access these global methods exists too, but this isn't as important for us as having the space permission patch accepted to the confluence source base. I'm attaching both patches just to give you an idea of what we do. It's up to you if you decide to take the admin patch and rewrite it so that a global permission exists as well.
The order in which patches should be applied to confluence source base is remote-api-admin-authorization.patch -> remote-api-authorization.patch.
- is related to
-
CONFSERVER-15160 Remote API Access Space Permission (PATCH)
- Gathering Interest