-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Medium
-
Component/s: Permissions - Content (Backend/API)
-
None
-
2
-
Minor
Issue Summary
Users lacking "Restrictions Add/Delete" permission and space admin rights can still update subfolder restrictions
Preconditions: Ensure you have another user account, e.g., TestUser, who does not have "RestrictionsAdd/Delete" permission and is not a space admin from space settings.
Steps to Reproduce
- In a Confluence space, create a parent folder under the space home page.
- Click on "... -> Share" in the page tree, change the setting from Open to Restricted, and set the "Can edit" restriction to yourself. Set the "Can view" restriction to another user, e.g., TestUser. Save the changes.
- Log in as TestUser and create a subfolder under the parent folder.
- Click on "... -> Share" for the subfolder in the page tree and attempt to update the restrictions (still logged in as TestUser).
Expected Results
TestUser should not be able to edit or update the subfolder restrictions.
Actual Results
TestUser is able to edit and update the subfolder restrictions.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- duplicates
-
CONFCLOUD-78659 Provide the ability to add pages without also granting restrict own page permissions
- Gathering Interest
- relates to
-
-
- Short Term Backlog
-
-
- Gathering Interest