Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-55260

users have access to Space Tools and Space Directory

XMLWordPrintable

    • 60
    • 55
    • Hide

      Thanks for the suggestion. We don't currently have plans to restrict this functionality from the guest experience.

      However, single space guests is now GA and allows customers to add guests to a space without access to the people directory or user information. You can read more about the feature here: https://community.atlassian.com/t5/Confluence-articles/Single-space-guests-now-on-Confluence-Cloud/ba-p/2121527

      Show
      Thanks for the suggestion. We don't currently have plans to restrict this functionality from the guest experience. However, single space guests is now GA and allows customers to add guests to a space without access to the people directory or user information. You can read more about the feature here: https://community.atlassian.com/t5/Confluence-articles/Single-space-guests-now-on-Confluence-Cloud/ba-p/2121527

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem

      Anonymous users have access to space tools and the Space Directory, which is inconvenient even if they do not have access to modify anything.

      Suggestion

      Provide an option to hide the space tools and the Space Directory from anonymous users

      Why this is important

      • Security concerns - The Space Tools exposes some internal stuff (e.g. names of Administrators) that we're not really keen to open up to the world.

      Workaround

      None

            [CONFCLOUD-55260] users have access to Space Tools and Space Directory

            Kevin Bianchi added a comment -

            Please, correct this asap!

            This is a real security concerns that anonymous user can see the space settings!

             

            Kevin Bianchi added a comment - Please, correct this asap! This is a real security concerns that anonymous user can see the space settings!  

            Frank Förster added a comment -

            I can only agree with user 4ca65f6a4bda .
            What is the point of showing the space settings to an anonymous user?
            It just creates confusion and leads to unnecessary questions.

            Please provide a way to hide this menu item "Space Settings".

            Frank Förster added a comment - I can only agree with user 4ca65f6a4bda . What is the point of showing the space settings to an anonymous user? It just creates confusion and leads to unnecessary questions. Please provide a way to hide this menu item "Space Settings".

            C. Dicker added a comment - - edited

            In no way, anyone intends to have the Space Settings accessible for anonymous users with view-only rights.
            (you can debate about whether named users with view-only rights should see it)

            Maybe it doesn't expose the list of space admins, but it shows the name of the space creator.
            Furthermore, it gives quite an unprofessional impression for the users, to have an useless settings-button.

            In this issue it says CONFCLOUD-58025

            Thanks for voting on this issue and letting us know what is important for your needs.
            We have now disallowed anonymous users to see "space settings" unless anonymous users have space export or space admin permissions for the space.

            Is this feature still active?
            My setup is view-only for anonymous users and they can still see the settings button.

            C. Dicker added a comment - - edited In no way, anyone intends to have the Space Settings accessible for anonymous users with view-only rights. (you can debate about whether named users with view-only rights should see it) Maybe it doesn't expose the list of space admins, but it shows the name of the space creator. Furthermore, it gives quite an unprofessional impression for the users, to have an useless settings-button. In this issue it says CONFCLOUD-58025 Thanks for voting on this issue and letting us know what is important for your needs. We have now disallowed anonymous users to see "space settings" unless anonymous users have space export or space admin permissions for the space. Is this feature still active? My setup is view-only for anonymous users and they can still see the settings button.

            Ned Lindau added a comment -

            Thanks for the feedback. Can you help me understand what you mean by "The Space Tools exposes some internal stuff (e.g. names of Administrators) that we're not really keen to open up to the world." Where does admin name get exposed?

            Ned Lindau added a comment - Thanks for the feedback. Can you help me understand what you mean by "The Space Tools exposes some internal stuff (e.g. names of Administrators) that we're not really keen to open up to the world." Where does admin name get exposed?

            Documentação added a comment -

            Tottaly agree, we need to make the page more professional.

            Documentação added a comment - Tottaly agree, we need to make the page more professional.

            Gui Ávila added a comment -

            Totally agree. And is such a simple thing to implement. I can't understand why products still have these problems and are never fixed...

            Gui Ávila added a comment - Totally agree. And is such a simple thing to implement. I can't understand why products still have these problems and are never fixed...

            Michael Barquero added a comment -

            Admins need 100% control over what appears on the sidebar, including button links such as JIRA, BitBucket, etc.

            Michael Barquero added a comment - Admins need 100% control over what appears on the sidebar, including button links such as JIRA, BitBucket, etc.

            Dariusz Niedbalski added a comment - - edited

            Can I have an update in this matter? It's now more than one year since this issue was reported and nothing has been done yet to resolve this issue. One of our project is still suspended due to security audit and serious security concern which Confluences run. If nothing will be done than we have to cancel our subscription and move our site somewhere else as this is taking too long to resolve such a simple issue!

            Dariusz Niedbalski added a comment - - edited Can I have an update in this matter? It's now more than one year since this issue was reported and nothing has been done yet to resolve this issue. One of our project is still suspended due to security audit and serious security concern which Confluences run. If nothing will be done than we have to cancel our subscription and move our site somewhere else as this is taking too long to resolve such a simple issue!

            Michael Woffenden added a comment -

            Agreed ... Atlassian, please take a close look at this and implement as soon as possible. 

            Admins need 100% control over what appears on the sidebar.

            Michael Woffenden added a comment - Agreed ... Atlassian, please take a close look at this and implement as soon as possible.  Admins need 100% control over what appears on the sidebar.

            Eleanor Dashfield added a comment -

            Adding my support to getting this issue fixed. This is a security concern and looks untidy and unprofessional to customers (anonymous users) as well.

            Eleanor Dashfield added a comment - Adding my support to getting this issue fixed. This is a security concern and looks untidy and unprofessional to customers (anonymous users) as well.

              638f49c4a7e7 Abhinav Singh
              pmiguel Paulo Miguel (Inactive)
              Votes:
              74 Vote for this issue
              Watchers:
              60 Start watching this issue

                Created:
                Updated: