Hey everyone,

I just tried to use the "Guest"-Feature for that, but when "Creating a new Team" with the logged in guest user, I still can see other people! The users SH / ST etc. are not on the same user group as the Guest user!

Here's a screenshot: https://daten.madein.io/f/e4a619ee2a9a4a668a3b/

Any fixes or ideas?

>  I think all you have to do is to enable / disable People Directory features as you have done for "Guests", but allow us to set it by Space for any user.

I totally disagree. What they need to do is to implement features like Space Privacy Plugin did very well. Limit users to the space they are allowed to be in. I really don't understand why Atlassian is ignoring this for almost 16 years now. This is a full blocker for us, so we are migrating to another solution before the end of the Confluence Server support in 2024.

Hi Nidhi,

>>We have completed rolling out the Single-Space Guest experience in Beta<<

We have a production account.  I'm not sure how "Beta" works, so I presume this is not available yet to production accounts.  These features will "just appear" in production accounts? How will I be aware?

>>You can bring contractors, vendors, and partners securely into Confluence!<<

We already have.  That is not the issue.  It's our Customers that are the issue.  Customers should not see each other.  I'm not sure what you mean by a "Guest".

>> Each guest is allowed access to one space at a time<<

Our Customers need access to multiple spaces, their own dedicated space provided by us, and shared spaces across our customers.  It's these shared spaces that are the issue.  Merely commenting with "@" would pull up all users and their emails.  I see that no longer happens with "Guests".  Good, but "Customers" work in multiple spaces, thus, they are not "Guests" as you have defined them.

>>The EAP had a cohort of ~300 customers and we have received valuable input from our EAP participants<<

Were any of the requestors of this issue included?  I don't recall getting an invite.

This issue is marked "Closed" but isn't.  Please re-open it and resolve the issue.  I think all you have to do is to enable / disable People Directory features as you have done for "Guests", but allow us to set it by Space for any user.

Thanks.

Hi All,
 
We have completed rolling out the Single-Space Guest experience in Beta to all our Standard, Premium and Enterprise customers.
 
You can bring contractors, vendors, and partners securely into Confluence! Organization admins will be able invite up to 5 free guests for each paid user on their site! Each guest is allowed access to one space at a time, and they will not have access to the People Directory. Read more on our Atlassian Community post and our support articles: article 1: how to get set up and article 2: What guests can and can't do.
 
Happy collaborating,
Nidhi
Product Manager, Confluence

Hi All,
 
In June 2021 we announced the Early Access Program (EAP) for External Collaboration feature in Confluence. The EAP had a cohort of ~300 customers and we have received valuable input from our EAP participants that helped shape our next milestone - the Beta.
 
We will be slowly rolling out the Guest experience in Beta to all our customers in our paid pricing plans - Standard, Premium and Enterprise in the near future.
 
Once the Beta is live, you can bring contractors, vendors, and partners securely into Confluence! Organization admins will be able invite up to 5 free guests for each paid user on their site! Each guest is allowed access to one space at a time, and they will not have access to the People Directory. What this means is Guests will not be able to search for other users, @ mention them or see user profiles, keeping the user information secure.
 
Happy collaborating,
Nidhi
Product Manager, Confluence

Hi all, any update on this feature? It's pretty essential and can see there are quite a few others still chasing it

Same here. Please update on when this can be expected

Dear all,

when can this option be realistically expected?  In 2019 it was on the roadmap and would be covered in the next 12 months.  Today it's April 2022. We have an active case where a customer raises GDPR concerns.

Hilary Dubin at Atlassian -   was this implemented?? 

I don't see it on the Cloud roadmap: https://www.atlassian.com/roadmap/cloud

BTW: they way Jira handles it is IMO perfect. Click on "people" and you end up at your Atlassian profile. That's it. As simple as that. 

I'd second Darren: This is a GDPR related topic.

For multi-tenant instances this should be an option - It's a security issue and should be addressed,  I'm sure this also falls under GDPR compliance rules.
 

...may I kindly as about the status. Hilary stated in June 2019 the feature will be available within the next 12 months.

Thanks for the link @rtull, I've had a look and I don't think it's going to give us what we need, even when it launches. It's tied to the Premium version of Confluence and the latest update states that they are focusing on having a richer (and therefore more expensive) user experience for the External Collaborators.

I believe this feature from Atlassian is probably what they would consider the resolution to this request:

https://community.atlassian.com/t5/Confluence-articles/External-collaboration-in-Confluence-Premium/ba-p/1538241

I know that our org has this issue and it's currently preventing us from moving to Cloud. However, we believe that the external collaboration features linked above will fully resolve our concern. I don't personally see a need for external collaborators to see the People directory at all and internal users can see it without any concerns so we'll be set.

I've just moved from an older Server version to Cloud, in part so that we can safely open up access to customers. I'm keen to restrict access to the People section to certain groups and it looks like this was planned to be released last summer. I appreciate that everyone's plans have had to change recently, please can you supply an updated estimate as to when I can expect this functionality to be released?

Dear all,

We have 624 votes atm for this subject.

Isn't this enough to trigger atlasian developments and reaction?

Without this functionality, it is impossible to operate confluence properly, respecting confidentiality and privacy issues.

For the customers who we are collaborating with and want their relationship with us to be kept secret, we switched to github. If anyone is looking for a nuclear option. 

No way! That's not the requirement defined in this ticket (disabling all the people directory is not a solution at all)

Hi all.

I want to come back to my comment that I made last week. I contacted Atlassian; they responded that they are working on an option that allows you to disable the people directory for confluence as a site admin. For now they can disable(hide) the people tab of any Cloud instance on their side. You can achieve this by contacting the Atlassian Support and requesting this.

I hope this comments helps you all!

Kind regards Marc

I know it's only been 13 odd years, and umpteen "promises" and it will be ready in the next 12 months, but this is ridiculous.

I have contacted Atlassian regarding this issue, I will share the outcome in this issue. 

More important than ever, now Atlassian is closing confluence server (therefore, not been able to use "space privacy" plugin). Without these feature we cannot migrate our confluence server with extranet spaces to cloud

+1

+1

This is an important privacy problem, I don't understand how in 13 years this has not been considered and there is no provision for implementation.

To everyone receiving a notification about this new comment: Hi, and sorry!

To Atlassian: How is this not solved yet? What is going on? Please give us at least an explanation on how you want to tackle this. The competition already solved this problem (it didn't even arise actually, because it was implemented already). You owe us to first address the fundamental flaws before adding aesthetics. Pinging Christopher Owen, Hilary Dublin: Did you "plan to adress it", finally?

And Tobias: I laughed cynical tears when reading your comment. This made my day. Thanks!

Guys... don't stress Atlassian. The issue is only 13 years old. And just one year ago they wrote that they plan to do it within 12 months.
So we can be confident that we'll get a new status in 2022 or 2025.

Ah and don't forget... please pay all bills on time!

I would like to see this fixed asap, what is the status of this?

@Hilary Dublin, any update on this issue?

When will this be delivered?

The above comment from Hilary says in a year, that was last June so it is only 3 months until that year will have passed, yet it still shows as gathering interest instead of in progress. I am relying on this becoming available ASAP as currently we can only allow one client into our confluence instance and we wish to on-board more but cant while cross-pollination of usernames, profiles etc are still visible through the @mention function.

I wonder how people use Service Desk with Knowledge Base given that as soon as you let anybody into service desk, you expose your full detailed people list... It seems it renders the whole Service Desk solution useless. Isn't it a huge security hole? Why is it treated as "suggestion", for which interest needs to be gathered? What am I missing?

Hi everyone,

Thank you for your patience and being so vocal with regards to availability of this feature in Confluence Cloud. We acknowledge that many of you are looking to bring your customers and other external users into your Confluence site and therefore want tighter control over which users can browse the people directory.

I'm happy to share that we've put this suggestion on our roadmap and are planning to address it in the next 12 months.

We will keep you updated on the progress and timelines when the feature is going to be delivered.

Thanks again for your patience.

Best,

Hilary Dubin
Product Manager, Confluence Cloud

I'm also interested in when it will be possible to restrict user visibility. This issue makes Jira barely usable in a professional environment of software developers that develop for 3rd parties.

Hi,

Are there any updates on this? Like many others here we are using Confluence for several projects and clients. It's a very serious security breach they're currently able to see other people outside of their own user group.

Is it possible to make the Space Privacy plugin available on Confluence Cloud?

I'm the product manager looking after Atlassian Cloud people directory. I'm looking for feedback on our user-to-user visibility rules that apply at the people directory. We have a set of rules that should solve for the above example scenario as a "smart default", but I want to see whether there are additional scenarios to consider.

Please take a moment to read and provide feedback there. https://community.atlassian.com/t5/Teamwork-discussions/Call-for-feedback-Atlassian-cloud-people-directory-user/m-p/797370#M74

Thanks,

Matt Russell
Atlassian Product

We were migrating to Confluence and Jira cloud this week.  We had customized our Confluence Server instance to hide user profiles.  We just found that not only are the profiles available, but the updated UI in the latest Confluence makes it very easy to search all people.  We cannot have our customers seeing other customers in our system.  We are going to have to go back to Confluence Server until this is resolved.  Very disappointing!

Thank you very much for making clear that Atlassian is committed to fulfill GDPR standards. This gives me hope that this breach of data privacy present in this issue will be sealed soon. Because: you are NOT compliant with this! Which makes us, the Atlassian customers, NOT compliant.

@normand - Touche!

Yes Normand, well stated.  You are right in that overall they have a good product, but this is an extremily important flaw that they still don't get- or want to get.   We are a service provider, and we share each client's space with the client.  It was hard to get the people tab removed (they finally did after a lot of pestering and multiple tickets), but as you know, the directory is still easily accessible.

So for any readers (obviously Atlassian is not a reader of this ticket) - If this is important, please open new tickets.  Sadly,  I think the only way to get things done at Atlassian is to be a pest. 

Normand, very well stated.  

Dave, don't lose your time voting. If this is a requirement for your company, then look for another tool. Atlassian have been ignoring this request for 10 years now!!! Having been an Atlassian customer for years now, we realized that they DO NOT understand that we are running businesses with real customers, and they just don't see the needs for such important things. It seems to me that their team is a bunch of whiz kids who prefer working on nice looking gadgets rather than making sure that their customers are happy. This is sad because they have a great product. I would expect the product owners at Atlasssian to talk with end users and customers (they say they do...), and make sure their developers stop thinking about code, and start thinking about business needs, but it never happens. I would then expect the CEO of the company to ask what is happening with so many customers complaining? Ater all, I am sure the CEO of Atlassian would not like his confidential information shared with other companies right? Then he cannot use Confluence! Anyway, he is too busy expanding the list of Atlassian "bells and whistles" tools that will bring more customers and more $$$ that he does not care either. They all forgot one important thing: we can leave...

We have just run into this access issue of customers being able to see People Directory even though we have locked down the space. This is a major security loophole. ISO 27001 as customers should not see other customers details.  We will not be giving customers access to Confluence. Collaboration is obviously not high on the list of functionality for Atlassian.  Pity - it was one of the reasons we moved to use Atlassian products to improve collaboration with our customers to better improve customer satisfaction with our services.

Will be adding my vote for this request.  

Adding my vote to this. Really need to hide people directory from external users; otherwise, clients from different companies can find each other.

it's worthwhile to watch and get an understanding how much Atlassian cares about critical requests of their users.

I wonder if it is worth watching this issue?

Its been 10 years...???? 

I'm voting on this as well. The current behaviour totally prevents us from using Confluence with our external users and clients. 

Adding my vote to this. Really need to hide people directory from external users; otherwise, clients from different companies can find each other. Bizarre that we are still discussing this.

10 years and still going strong

using confluence for clients is pretty much useless without this feature and also a new bug that we found out. 

https://jira.atlassian.com/browse/CONFCLOUD-56228

Love reading the comments for the last 10 years and I totally agree even though we are Server. I voted for your effort like that will matter at all.  :-\

I do understand that any feature must be considered well and that having a large customer base and huge product backlog introduces challenges. For a feature like I would however expect that it would proceed through the development process in some months or so. Not 10 years... For my company this situation introduces some privacy concerns and prevents further role out of Confluence. Anyway +1 vote.

This is preventing us from rolling out confluence to a large user base of external customers. Our business need is similar to everyone else's. We want to host information for external customers. This group of external users should not be able to see information about any user. The fact that they can prevents us from using Confluence.

Unfortunately it was not discovered until after numerous hours were spent investigating and setting up the application.

Haha - yes indeed. Very close to what they told me on one ticket I opened, and then on another ticket the guy took care of it. In short it is complete B.S..
If indeed you just want the people directory removed, create a new ticket until you find the competent guy who just does it. I believe the others are not lying - they are saying what they are told and are not technical enough to do it. It is a simple change. This is what I mean be beating on them.

"This feature request does form part of a larger long term initiative from which we hope to provide a solution for this issue in the future. We will update the status of this issue once we have made further progress."

Okay Atlassian - it has been 10 years since this was openned and I think we deserve a status update from your "larger long term initiative". Will this be resolved in the next decade?

Confluence Support have confirmed that they are not able to hide the People Directory for us because we have been moved to a new platform. They also said that this feature is currently not on their roadmap.

"...Unfortunately, we don't have the option to remove the people directory anymore because your instance has been migrated to a new platform.

I am afraid to say that hiding People tab is not possible to achieve at this moment....  and I am afraid to say that we don't have any plan to put the feature request under our roadmap in the near future..."

Does anyone know of a plug-in that fixes this issue?