Details
-
Suggestion
-
Resolution: Tracked Elsewhere
-
None
Description
Summary
When importing spaces to Confluence Cloud, users will be automatically imported in order to map entries to these accounts.
Although the documentation mentions that user accounts will not have product access granted, accounts will still get imported:
This procedure will not import:
- user accounts, meaning it doesn't give users product access or add them to any groups. It will, however, import some user data connected to the spaces you're importing. This is to make sure that mentions, comments, and page history stay active. User data that will be imported includes:
- full name
- username (discarded after importing)
- email address
There is also a different suggestion to cover it:
Confluence Space Imports are now Adding users to the site - https://jira.atlassian.com/browse/CONFCLOUD-72064
Context
When users are "imported" with the space, no invites or emails should be triggered, meaning that such entries will not be added to the organization audit logs.
Suggestion
As this brings security concerns to administrators looking to understand how accounts were added to the instance, this is a suggestion to include such entries in the audit logs.
For example:
- On the organization audit logs, clarify that "A B C users were added via space import".
- In the audit logs of Confluence, for the entries showing User created, replace it with User created via space import
- Trigger an email for the administrators that users "A B C now have access to the site via spaces that were imported"
Attachments
Issue Links
- derived from
-
CONFCLOUD-72064 Confluence Space Imports are now Adding users to the site
- Closed
- is related to
-
CONFCLOUD-72064 Confluence Space Imports are now Adding users to the site
- Closed