-
Suggestion
-
Resolution: Unresolved
-
5
-
16
-
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
In addition to sharing information within my company, we would like to use Confluence for sharing certain information with our customers and clients, and have it host our public website. The one thing that is holding us back from doing this is the inability to restrict who can see a user's profile. Profiles can even be viewed by anonymous users and to my knowledge there is no way to create a named user account without also creating a profile. Someone please correct me if I'm wrong. In our case, many of our clients are also direct competitors, and the last thing we want to do is give them a list of all our employees. The same concern also applies to the names at the top of each page, on the dashboard, in the search results, etc., that tell you who last changed the page and at what date and time.
I tried to come up with couple of ideas about how restriction of user profiles and user names might work. My preferred solution by far is number one but it may also be the most difficult to implement.
1. A user is only allowed to see the name and profile of another user if they are in the same group. (at least one group, not all)
2. Allow a global administrative option for enabling/disabling user names and profiles.
3. Allow each user to decide whether their name and/or profile should be viewable.
I think that this feature would be useful for many people, although I don't want to speak for other customers. Having such a feature would certainly allow the product to penetrate many more areas of my company.
Thanks for your suggestions and feedback on this issue. We do agree that restricting access to user names and profiles could be valuable for users, particularly in an externally-facing Confluence environments.
Some of you have also shared concerns around data privacy legislations being enforced in Europe next year. We'd like to assure you that Atlassian is committed to data privacy. Read more about this in our blog.
The use cases stemming from external collaboration do touch quite a number of features in the product including user profiles, people directory, mentions, shares, comments and search. We are excited to share that External Collaboration will be added to Confluence Premium in the coming months. We will open up a free beta program of the feature within the next quarter, and will provide updates here as soon as you're able to sign up.
Many thanks,
Confluence Product Management
- duplicates
-
- Closed
- incorporates
-
- Closed
- is duplicated by
-
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed
- is related to
-
- Closed
-
- Gathering Interest
-
- Gathering Interest
- relates to
-
- Closed
-
- Closed
- is addressed by
-
ENT-1247 Loading...
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
[CONFCLOUD-1882] Restricting access to user names and profiles
Hello dac59018bd61,
instead of just adding further links, a general update on this topic would be interesting. From the panel in the description I can see that it was planned to get something under way in 2022. Now we are at the end of 2023 and there is still no progress? How come? What is the roadmap for it? Is someone working on that topic at all? What do you expect us to do?
I mean this Issue was created almost 20 years ago. It is kind of ridiculous... Especially for Cloud you could have this topic on the agenda right from the beginning. What was the benefit of the Cloud products exactly?
Regards
Michael
Wow, opened in 2004 and we're still facing this conundrum. That's a bit disappointing to say the least.
I'm afraid to ask, has there been any progress made on identifying/implementing a solution?
@dub,
thanks for your information. But to be honest, Your post shows exactly that Atlassian does not take data protection seriously. This can also be explained quite simply.
- You wrote: "...data privacy legislations being enforced in Europe next year" - but, GDPR was released in MAY 2018, so long time ago.
- The blog you've but a link in your post argued that Atlassian complies with the GDPR by using the SCC (Standard Contractual Clauses). Unfortunately, the SCC were declared as no longer compliant in the summer of 2020. This means that using the SCC automatically means that you are not compliant with the GDPR.
Pls. see the following links as evidence to my statement. It would be nice if you also but some credible evidence to support your claim, rather than a blog post from your employer, which unfortunately is not a binding legal statement.
Kind regards,
Thorsten Dombach
Very good suggestion, we had invited external partner to our Confluence to work together. And I want to allow these invited users to see the usernames of the others.
Doesn't matter that access of companies to everyone to users & freelancers to People Directory comply with GDPR rules on Europe? Some Europe freelancers comply because get contacted by other companies from People Directory and we must to remove a lot of users from Jira Core & Confluence Cloud to stop complains regarding GDPR.
Atlassian do not understand that access to people directory is illegal in Europe (because companies can contact individuals via People directory), perhaps when Atlassian will take a fine regarding GDPR, a fine that can reaches up to 25% of theirs profit, maybe then will understand they got problem!
I'm the product manager looking after Atlassian Cloud people directory. I'm looking for feedback on our user-to-user visibility rules that apply at the people directory. We have a set of rules that should solve for the above example scenario as a "smart default", but I want to see whether there are additional scenarios to consider.
Please take a moment to read and provide feedback there. https://community.atlassian.com/t5/Teamwork-discussions/Call-for-feedback-Atlassian-cloud-people-directory-user/m-p/797370#M74
Thanks,
Matt Russell
Atlassian Product
Thanks for the suggestion. Unfortunately, we do use user mentions in Confluence. 
This is a serious privacy concern for us and unbelievable this significant issue has not been addressed for almost 10
years!
On the personal profile activity/”Worked on” area it is listing activity not only from Spaces of the current Confluence instance, but ALL Spaces from ANY project this Confluence user worked on.
And as a user might work for different projects, some of which can be Open Source, there are no access restrictions - Open Source projects can be accessed by anybody, obviously!
But still a user might not want everybody in one list to see every single comment he ever made to an Open Source project. Is that not understandable?
GitHub as any other professional collaboration tool does respect the users privacy and offers a way to completely disable/hide the activity/”Worked on” section in the profile.
But Atlassian apparently does not care and/or respect users privacy and continues to share activity information without user consent.