[CONFCLOUD-72064] Confluence Space Imports are now Adding users to the site

Type: Suggestion
Resolution: Fixed
Component/s: Migrations - Space - Import
Labels:
- RIBS

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

When importing a space using:

https://<sitename>.atlassian.net/wiki/admin/importspace/importconfluencespace.action

Once the import is complete users that have content (page, drafts, likes, comments, etc.) in the space are added to the site and show in the admin.atlassian.com management portal as having site access.

Previously this was not the case and the users would simply show as unlicensed.

An option to choose whether or not to import users during the Space Migration would be beneficial.

has a derivative of

CONFCLOUD-75236 Improve audit logging for users added via space import

Closed

relates to

CONFCLOUD-75236 Improve audit logging for users added via space import

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

EMS Databob added a comment - 04/Oct/2023 7:26 PM

So it took more than two years to close a security issue. Somewhat frightening.

EMS Databob added a comment - 04/Oct/2023 7:26 PM So it took more than two years to close a security issue. Somewhat frightening.

Rebekkah Dorhout made changes - 04/Oct/2023 6:37 PM

Labels

New: RIBS

Rebekkah Dorhout made changes - 27/Jul/2023 10:29 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 793739 ]

Giuliano C. made changes - 13/Jul/2023 5:59 PM

Link

New: This issue has a derivative of ~~CONFCLOUD-75236~~ [ ~~CONFCLOUD-75236~~ ]

Steven Bao made changes - 13/Jul/2023 4:15 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Gathering Interest [ 11772 ]	New: Closed [ 6 ]

Steven Bao added a comment - 13/Jul/2023 4:15 PM - edited

Hey everyone, this should not be happening for either XML or CSV space imports from cloud to cloud.

For space imports from server to cloud, we need to create the user in the userbase if they do not have an Atlassian account. They do not get product access however.

Steven Bao added a comment - 13/Jul/2023 4:15 PM - edited Hey everyone, this should not be happening for either XML or CSV space imports from cloud to cloud. For space imports from server to cloud, we need to create the user in the userbase if they do not have an Atlassian account. They do not get product access however.

Steven Bao made changes - 13/Jul/2023 4:11 PM

Assignee

New: Steven Bao [ sbao ]

Steve Luebbe added a comment - 27/Feb/2023 9:00 PM

This shouldn't be enabled by default. In testing a migration of content between sites it just sent out 50 invites to users that shouldn't have access to this test instance.

Steve Luebbe added a comment - 27/Feb/2023 9:00 PM This shouldn't be enabled by default. In testing a migration of content between sites it just sent out 50 invites to users that shouldn't have access to this test instance.

Charles Blaxland added a comment - 17/Feb/2023 6:07 AM - edited

I'll add my voice to the chorus of disapproval here. A recent Confluence space import in our instance resulted in 80 or so unauthorised users being automatically created in our directory and invited to our instance. These users then even showed up in our user pickers for Jira tickets! I'd have thought this is a pretty major security issue and as such a high priority fix.

Edit: in addition to the security issues this thread rightly points out possible legal issues with GDPR, as the imported users contain email addresses and profile pictures. Please fix!

Charles Blaxland added a comment - 17/Feb/2023 6:07 AM - edited I'll add my voice to the chorus of disapproval here. A recent Confluence space import in our instance resulted in 80 or so unauthorised users being automatically created in our directory and invited to our instance. These users then even showed up in our user pickers for Jira tickets! I'd have thought this is a pretty major security issue and as such a high priority fix. Edit: in addition to the security issues this thread rightly points out possible legal issues with GDPR, as the imported users contain email addresses and profile pictures. Please fix!

Giuliano C. made changes - 25/Jan/2023 6:27 PM

Link

New: This issue relates to ~~CONFCLOUD-75236~~ [ ~~CONFCLOUD-75236~~ ]

Assignee:: Steven Bao

Reporter:: Gerson P.

Votes:: 50 Vote for this issue

Watchers:: 55 Start watching this issue

Created:: 29/Apr/2021 11:23 AM

Updated:: 04/Oct/2023 7:26 PM

Resolved:: 13/Jul/2023 4:15 PM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: EMS Databob added a comment - 04/Oct/2023 7:26 PM

Expand comment: EMS Databob added a comment - 04/Oct/2023 7:26 PM

Collapse comment: Steven Bao added a comment - 13/Jul/2023 4:15 PM, Edited by Steven Bao - 13/Jul/2023 9:00 PM

Expand comment: Steven Bao added a comment - 13/Jul/2023 4:15 PM, Edited by Steven Bao - 13/Jul/2023 9:00 PM

Collapse comment: Steve Luebbe added a comment - 27/Feb/2023 9:00 PM

Expand comment: Steve Luebbe added a comment - 27/Feb/2023 9:00 PM

Collapse comment: Charles Blaxland added a comment - 17/Feb/2023 6:07 AM, Edited by Charles Blaxland - 17/Feb/2023 6:14 AM

Expand comment: Charles Blaxland added a comment - 17/Feb/2023 6:07 AM, Edited by Charles Blaxland - 17/Feb/2023 6:14 AM

People

Dates