
confluence-administrators should not have access to all content

    • Type: Suggestion
    • Resolution: Won't Fix

      If you are part of the confluence-administrators group by default you can see all spaces and content.

      This breaks the space permissions if you just add specific users that are not part of the confluence-administrators group.

      In our case, we have administrators that should be able to administer certain spaces, and also manage users and groups. However, we have a space that we don't want these people to see or administer.

      Right now we can specify certain users to see and administer the space, but then any administrator can just come in and do things to this space.

      We require that the space honours the space assigned privileges only.

            [CONFSERVER-1444] confluence-administrators should not have access to all content

            Charles Miller (Inactive) added a comment -

            Ah, I'm sorry about that. The fact you can't see the Administration option if you're not in confluence-admin is a separate bug that I wasn't aware of: CONF-1650. Dave's fixing it as I write this.

            Mark Johnson added a comment -

            EXTERNAL MESSAGE:
            SUBJECT: RE: [JIRA] Closed: (CONF-1444) confluence-administrators should not have access to all content
            Hi,

            I appreciate the feedback, but this does not resolve my problem. I did what
            you suggested, but the 'Administrate Confluence' privilege in the Global
            Permissions page does not recognise this when I log in as someone either in
            a group assigned or even directly assigned to the 'Administrate Confluence'
            privilege.

            I am running 1.1.1 Build 56. Is this a bug that was fixed in a later
            version?

            Cheers,
            Mark

            _____

            From: jira@atlassian.com
            Sent: Thursday, 5 August 2004 6:08 PM
            To: mark.johnson@shinetech.com
            Subject: [JIRA] Closed: (CONF-1444) confluence-administrators should not
            have access to all content

            Issue: http://jira.atlassian.com/browse/CONF-1444

            Key: CONF-1444
            Type: Improvement
            Status: Closed
            Priority: Critical
            Resolution: Won't Fix
            Assignee: Charles Miller
            Reporter: Mark Johnson

            confluence-administrators should not have access to all content
            Updated: Thu, 5 Aug 2004 3:06 AM Created: Mon, 21 Jun 2004 8:54 AM

            The following issue has been closed.

            User: Charles Miller
            Date: Thu, 5 Aug 2004 3:06 AM
            Comment:
            The confluence-administrators group is like the 'root' account on Unix. It
            can do everything. Having a superuser group is an important tool for
            maintaining the server.

            You can, however, create administrators in Confluence who have the ability
            to configure the server, perform backups and so on without the full
            superuser rights to read anything on the system. Just create a group called
            something other than confluence-administrators (say, local-administrators),
            give that group the Administrate Confluence permission, and add your
            less-privileged admin accounts to that group instead.

            Project: Confluence
            Components: Administration
            Affects Versions: 1.1.1

            Description

            If you are part of the confluence-administrators group by default you can
            see all spaces and content.

            This breaks the space permissions if you just add specific users that are
            not part of the confluence-administrators group.

            In our case, we have administrators that should be able to administer
            certain spaces, and also manage users and groups. However, we have a space
            that we don't want these people to see or administer.

            Right now we can specify certain users to see and administer the space, but
            then any administrator can just come in and do things to this space.

            We require that the space honours the space assigned privileges only.

            Charles Miller (Inactive) added a comment -

            The confluence-administrators group is like the 'root' account on Unix. It can do everything. Having a superuser group is an important tool for maintaining the server.

            You can, however, create administrators in Confluence who have the ability to configure the server, perform backups and so on without the full superuser rights to read anything on the system. Just create a group called something other than confluence-administrators (say, local-administrators), give that group the Administrate Confluence permission, and add your less-privileged admin accounts to that group instead.

            Sulka Haro added a comment -

            There should be some way of having über administrator privileges in case for example all admin rights are accidentally deleted from a space. Also if someone has access to administering accounts, by definition that person has access to all content since the person can temporarily add any privilege to himself.

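The two points made in the comments above (a separate admin group that holds only the Administrate Confluence permission, and the observation that an account able to administer accounts can grant itself access) can be checked together with a small effective-access audit. This is an added example, not part of the original issue or Atlassian's code; the group contents, user names, the HR and DEV spaces and the `admins_manage_groups` switch are constructed assumptions.

```python
# Added example: constructed data, not exported from a real Confluence instance.
SUPERUSER_GROUP = "confluence-administrators"   # group named on the page
ADMIN_PERMISSION = "Administrate Confluence"    # global permission named on the page

# Constructed sample directory: group -> members.
GROUPS = {
    "confluence-administrators": {"root_admin"},
    "local-administrators": {"ops_alice", "ops_bob"},
    "hr-team": {"hr_carol"},
    "confluence-users": {"root_admin", "ops_alice", "ops_bob", "hr_carol", "dev_dave"},
}
# Constructed global permissions: permission -> groups or users holding it.
GLOBAL_PERMS = {ADMIN_PERMISSION: {"local-administrators", "ops_erin"}}
# Constructed space permissions: space -> groups or users allowed to view it.
SPACE_VIEW = {"HR": {"hr-team"}, "DEV": {"confluence-users"}}

def groups_of(user):
    return {g for g, members in GROUPS.items() if user in members}

def holds(user, grantees):
    """True if the user, or any group the user is in, appears in grantees."""
    return user in grantees or bool(groups_of(user) & grantees)

def classify(user, space, admins_manage_groups=True):
    """Return how `user` can reach `space`: granted, superuser, latent or none.

    admins_manage_groups is a modelling assumption taken from the thread:
    an account that can edit group membership can add itself to a group
    that has access, so its access is latent rather than absent.
    """
    if holds(user, SPACE_VIEW.get(space, set())):
        return "granted"
    if SUPERUSER_GROUP in groups_of(user):
        return "superuser"
    if admins_manage_groups and holds(user, GLOBAL_PERMS[ADMIN_PERMISSION]):
        return "latent"
    return "none"

def audit(space, **kw):
    """Classify every known account, including directly assigned users."""
    users = set().union(*GROUPS.values()) | {
        g for grantees in GLOBAL_PERMS.values() for g in grantees if g not in GROUPS}
    return {u: classify(u, space, **kw) for u in sorted(users)}

if __name__ == "__main__":
    for user, how in audit("HR").items():
        print(f"{user:12} {how}")
```

Accounts reported as `latent` are the ones to cover with membership-change alerting, since their access to the space depends only on a group edit they can make themselves.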

            Mark Johnson added a comment -

            Sorry, this should be in 'Permissions' not 'Administration'.

              Assignee: Charles Miller (Inactive)
              Reporter: Mark Johnson
              Votes: 0
              Watchers: 3