Yeah, this would be a needed change for sure. 

We also have guests segragated by their respective companies, and obviously they cannot see each others spaces, but when a larger customer has tens of users having to add them as guests one by one is a nightmare. 

• Do all of your guests always need to work within the same space? How do you manage it otherwise?
• - Absolutely not. We have to manage them one by one now, where onprem we could use groups to cover the guests access (though obviously they weren't "guests" there).
• Do you assign different guest groups to different spaces?
• - yes
• Where do you expecting guest group space assignment to happen?
• - space settings or guest settings
• What is your expectation when new group members added or removed? Are they added or removed from the space?
• - guests added to a group with access should get the same access as the group, same funcitonality as with groups otherwise. When removed from groups they should lose the access?
• Do you have any conditions where a guest could be in multiple groups? What is the expectation when this occurs?
• - Would be nice to have, but not the highest priority, to have a guest be able to access maybe 2, 3 spaces. But other than that I think it should default to keeping the guests access in the space it already could, without adding new access if that's an issue.

Dear Atlassian,

Do you have an estimated timeline for implementing this feature?

We are currently working with 2,500 users and managing them one by one in “Guest” is frustrating. Automation in Confluence is not a sufficient solution because it only works for unassigned guests and once assigned a guest will automatically be assigned to the selected space(s). Every time a guest, does not have access to a space, you have to manually search for the user and assign him/her. Besides, in automation there is no way to change what default permissions will be assigned and once in a while you have to change the permissions of newly added guests.

Looking forward to hear back from you.

mwang@atlassian.com 9574dabfb3a9 
Based on your "Latest Update" which describes Default Space Assignment, is there some way to define default permissions for this default guest assigment group?

The only ways I've found to define specific space permissions to users or groups is under /Space Permissions/, and none of the options enable defining a 'default permission set' for guests added via this 'default guest assignment group'.

The GUEST GROUP "confluence-guests-<org-name-string>" can not be saved or interacted with under /Space Permissions/Groups/ since this section is designed for 'Member Groups' only. This in turn blocks the ability to customize the default permissions for this group here. 

Its also impossible to add this guest default group under /Space Permissions/Guests/ because this section only accepts 'guest users'. It doesn't allow for 'guest group' to be added. 

Is there possibly another solution? 

The lack of setting default permissions on this feature unfortunately kills it out of the gate, unless Im overlooking something? 
Having all these guests automatically added but still requiring that we remember to go and individually customize and re-save guest permissions by user would be burdensome and unrealistic. 

Hopefully Im overlooking and obvious solution! But I have looked for a couple of hours now. 

Hey there,
do you have an ETA for this feature? We are looking to Confluence guest users at the moment. Putting users into groups is essential for user management. This applies to external users as well.

At the momentan we would have to add the manually or via API if at all possible.

I would like to add our name to the hat on this one. 

We absolutely need the ability to use groups so we can scale and segregate access into spaces for guests.

This should 100% function just like internal users, this should be straight-forward with the how it works, don't change the model - you already have a great system for User/Group/Permissions to spaces. 

Just make Guest Groups function the same exact way

• Do all of your guests always need to work within the same space? How do you manage it otherwise?
  • No, our guests are segregated by the companies they work for, we cannot have guests access the same space.
  • Right now because the tool only lets us use users for guests, manual entry.
  • We have users who are View and Edit – we have to manually assign this instead of doing this using Groups - such a pain!
• Do you assign different guest groups to different spaces?
  • Yes we have a naming standard and we build groups today, in hopes we can directly add the Guest Group to a Space
• Where do you expecting guest group space assignment to happen?
  • In the Space, on the Guest "tab", exactly like the internal user mechanism works today
• What is your expectation when new group members added or removed? Are they added or removed from the space?
  • My expectation would be how all the normal user/group functionality works today, no difference.
  • If a user is added to a group - they get access however that group has access
  • If a user is removed from the group, they no longer have access to anything 
  • If the group is removed from the space, then all users of that group are removed
• Do you have any conditions where a guest could be in multiple groups? What is the expectation when this occurs?
  • Yes, we could have a Partner vs a Customer as a guest.
  • I would create a group for the Partner - and apply access to that Partner Group - to whichever spaces they need

I'd be very happy if i could create groups of customers (for different companies) - create spaces for them and manage the guest access by a group name like "customer-confluence-guest" group

• Do all of your guests always need to work within the same space? How do you manage it otherwise? -> no, different guests, different spaces, in the moment per user, i'd like groups
• Do you assign different guest groups to different spaces? -> yes
• Where do you expecting guest group space assignment to happen? -> space setting
• What is your expectation when new group members added or removed? Are they added or removed from the space? -> new group members should have access to the space i set up for the group
• Do you have any conditions where a guest could be in multiple groups? What is the expectation when this occurs? -> maybe - for different types of users like "legal, engineering, secret project team etc.."

Hey all,

I wanted to jump in here, I hope you're all enjoying some of the enhancements we've made for making it a bit easier to manage guests at scale. While we continue to make progress in this area, I wanted to share a potential short term solution for those of you that are leveraging our Confluence REST APIs.

What I've heard, is that there is a need to assign all guests, within a group, access to the same space. While default space access is a really good start, there may be some edge cases around it (maybe multiple groups needing different sets of space access).

The existing APIs that I wanted to highlight that could be leveraged to build a custom solution around space assignment, would be the following:

• https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-group/#api-wiki-rest-api-group-get
• https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-group/#api-wiki-rest-api-group-groupid-membersbygroupid-get
• https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-space-permissions/#api-wiki-rest-api-space-spacekey-permission-post

Leveraging those APIs we should be able to identify all guest users in a given group, and grant the required space permissions to "assign" space access for a guest (guests by default always be granted read:space, create:page, create:comment, and create:attachment on a given space).

Below is an example of a script that will use the APIs listed above to take a group name, lookup all of the guest users within that group, and assign the correct space permissions if possible (the space permission endpoint will return an error if the guest user already has a space assigned).

#!/bin/bash
groupName="[insert-group-name-here]" # The name of the guest group you want to assign spaces for
spaceKey="[insert-space-key-here]"   # The space key of the space you want to assign to your guests
hostname=[insert-confluence-domain-here] # The domain for your Confluence site

result=$(http GET "$hostname/wiki/rest/api/group")

groupId=$(echo $result | jq -r '.results[] | select(.name=="'$groupName'") | .id')

result=$(http GET "$hostname/wiki/rest/api/group/$groupId/membersByGroupId?expand=isExternalCollaborator")

guestIds=$(echo $result | jq '.results[] | select(.isExternalCollaborator==true) | .accountId')
guestIds=($guestIds)

echo "Start assigning space permissions on $spaceKey for ${#guestIds[@]} guests..."

for guestId in "${guestIds[@]}"; do    
(        
  if http --check-status --ignore-stdin POST "$hostname/wiki/rest/api/space/$spaceKey/permission" --raw '{ "subject": { "type": "user", "identifier": '"$guestId"' }, "operation": { "key": "read", "target": "space"}}' &>output.txt:; then            
    echo "✅ successfully assigned read:space on $spaceKey for $guestId"
    if http --check-status --ignore-stdin POST "$hostname/wiki/rest/api/space/$spaceKey/permission" --raw '{ "subject": { "type": "user", "identifier": '"$guestId"' }, "operation": { "key": "create", "target": "page"}}' &>output.txt:; then                
      echo "✅ successfully assigned create:page on $spaceKey for $guestId"            
    else                
      echo "❌ failed to assign create:page on $spaceKey for $guestId"            
    fi
    if http --check-status --ignore-stdin --meta POST "$hostname/wiki/rest/api/space/$spaceKey/permission" --raw '{ "subject": { "type": "user", "identifier": '"$guestId"' }, "operation": { "key": "create", "target": "comment"}}' &>output.txt:; then                
      echo "✅ successfully assigned create:comment on $spaceKey for $guestId"            
    else                
      echo "❌ failed to assign create:comment on $spaceKey for $guestId"            
    fi
    if http --check-status --ignore-stdin --meta POST "$hostname/wiki/rest/api/space/$spaceKey/permission" --raw '{ "subject": { "type": "user", "identifier": '"$guestId"' }, "operation": { "key": "create", "target": "attachment"}}' &>output.txt:; then                
      echo "✅ successfully assigned create:attachment on $spaceKey for $guestId"            
    else                
      echo "❌ failed to assign create:attachment on $spaceKey for $guestId"            
    fi        
  else            
    echo "❌ failed to assign read:space on $spaceKey for $guestId"        
  fi    
)
done

echo "Finished assigning space permissions on $spaceKey for ${#guestIds[@]} guests..."

Hopefully this information is helpful, if there are any questions, please reach out!

+1, hard to believe we need to manage hundreds or even thousands of users manually.

Hi all,

We are happy to announce that we have launched 2 new solutions for guest groups to be assigned to spaces.

1. Default Space Assignment: If all of your guests need to be added to the same space, you can leverage Default Space Assignment to assign newly added guests to the same Confluence space. Once the Default Space Assignment is set up, you no longer need to separately assign guests to a space (unless you would like to).
2. Guest Space Assignment with Automations: You can create and schedule an automation rule to assign (and unassign) existing and future guests to a designated space. Particularly useful for unassigned guests that have been added prior to the Default Space Assignment feature being launched. 

As a next step, we will be exploring allow guest groups to be identified in Automations so we can automate guest group assignment to a specific space.

If you have any questions, please feel free to leave them in the comments below!

Thanks,
Morgan, Confluence Product Manager

Do all of your guests always need to work within the same space? How do you manage it otherwise?

No. We use paid user.
Do you assign different guest groups to different spaces?

If they need to access to different space yes. Otherwise, no, only to one space.
Where do you expect guest group space assignment to happen?

Either in the same place as for the users, or best directly in the expected space.
What is your expectation when new group members added or removed? Are they added or removed from the space?

Yes of course is the user is not member of the group, he must be removed of the space
Do you have any conditions where a guest could be in multiple groups? What is the expectation when this occurs?

It can and for now we use paid user so he can access to multiple space. If the limitation is one space I think the solution is to limit guest to one group only.