Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-26434

Add ability to prevent certain users from calling certain user macros

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      We have macros that could reveal particularly sensitive information (e.g., email address) that we use for administration and the ability to 'call them' currently has no restrictions on them.

      Even though they can be 'hidden' from non-administrators in the macro browser, they can still be called by them if they know the name of the macro. Thus a client user, who has the ability to only post comments, can call them simply by typing them into a comment box. Of course, this would require them to know what they're called but if they find out then they could have access to particularly sensitive information.

      There should be a permission about who can 'call' some macros. If an administrator, or someone with sufficient privileges, has added them to a page then they should remain and be editable by those who can edit the page but calling new instances of them shouldn't be allowed.

              jmasson@atlassian.com John Masson
              4c44925d5073 Steve Goldberg
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: