• 9
    • 10
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Allow for permission changes to be recorded in page history.

            [CONFSERVER-19721] Record permission changes in page history

            essential feature imho

            gary carter added a comment - essential feature imho

            required by our security department feature. does roadmap exist for this request?

            Infinidat Jira Admin added a comment - required by our security department feature. does roadmap exist for this request?

            We are working with Confluence as the main communication and documentation tool in our organisation. We are holding a certificate for ISO 27001 and therefore we are also compliant to least-privilege and need-to-know principles. to be able to proof that in confluence, we need to especially see who applied changes to page restrictions. having this feature in confluence is critical to fully comply with information security.

            Manuel Kainer added a comment - We are working with Confluence as the main communication and documentation tool in our organisation. We are holding a certificate for ISO 27001 and therefore we are also compliant to least-privilege and need-to-know principles. to be able to proof that in confluence, we need to especially see who applied changes to page restrictions. having this feature in confluence is critical to fully comply with information security.

            Hi all,

            Thank you so much for your votes and comments on this suggestion.

            We are beginning greater research on the topic of advanced auditing and would love to hear from you.

            We intend to better understand:

            • What information you need to log and keep about your Atlassian applications and environments
            • What are the questions you need to answer, or specific insights your are looking for when auditing logs

            Responses can be in regard to information that needs to be tracked for internal policies (i.e. security) or compliance standards (i.e. SOC2 or SOX)

            What’s involved in the research:

            • Sessions are 1 hour and conducted over video-conference, so you can participate from anywhere around the globe.
            • After scheduling, you'll receive a calendar invite with a video-conference link.
            • During the research, we'll start with a general chat to get to know you and your company, then try to understand better your auditing needs and even explore some prototypes.
            • As a token of our appreciation, you'll receive an e-gift card worth $100 USD within 5 days of completing your session.

            If you're interested in taking part, please send me an email at rbattaglin@atlassian.com and I'll get in touch. We can't guarantee that all interested parties will be selected but we appreciate your interest in helping us to make auditing in our products satisfy more advanced use cases.

            We look forward to meeting you!

            Cheers,
            Renan Battaglin
            Server and Data Center Team

            Renan Battaglin added a comment - Hi all, Thank you so much for your votes and comments on this suggestion. We are beginning greater research on the topic of advanced auditing and would love to hear from you. We intend to better understand: What information you need to log and keep about your Atlassian applications and environments What are the questions you need to answer, or specific insights your are looking for when auditing logs Responses can be in regard to information that needs to be tracked for internal policies (i.e. security) or compliance standards (i.e. SOC2 or SOX) What’s involved in the research: Sessions are 1 hour and conducted over video-conference, so you can participate from anywhere around the globe. After scheduling, you'll receive a calendar invite with a video-conference link. During the research, we'll start with a general chat to get to know you and your company, then try to understand better your auditing needs and even explore some prototypes. As a token of our appreciation, you'll receive an e-gift card worth $100 USD within 5 days of completing your session. If you're interested in taking part, please send me an email at rbattaglin@atlassian.com and I'll get in touch. We can't guarantee that all interested parties will be selected but we appreciate your interest in helping us to make auditing in our products satisfy more advanced use cases. We look forward to meeting you! Cheers, Renan Battaglin Server and Data Center Team

            Patricia added a comment -

            We just had someone disable a whole page overnight and it had a whole heap of documents that the entire company was not able to access. We need this now!

            Patricia added a comment - We just had someone disable a whole page overnight and it had a whole heap of documents that the entire company was not able to access. We need this now!

            Any update/progress here?

            Frank Püchl added a comment - Any update/progress here?

            I'd also like to see this feature. Currently there is no way to reproduce who changed what page/space permission.

            Manuel Bähnisch added a comment - I'd also like to see this feature. Currently there is no way to reproduce who changed what page/space permission.

            Isaac.nl added a comment -

            We are recording more and more information in confluence that is only allowed to be edited or viewed by a limited set of people.
            It is not feasible to split these all out into different spaces. So we would like to keep these pages in the same space. However if there's no (audit) of page restriction changes, it's hard to prevent abuse. It's not scalable to have all restriction modifications go through a service desk or the confluence/space admin.

            Isaac.nl added a comment - We are recording more and more information in confluence that is only allowed to be edited or viewed by a limited set of people. It is not feasible to split these all out into different spaces. So we would like to keep these pages in the same space. However if there's no (audit) of page restriction changes, it's hard to prevent abuse. It's not scalable to have all restriction modifications go through a service desk or the confluence/space admin.

            Xin Yin added a comment -

            We need this feature!!!!!!

             

            Xin Yin added a comment - We need this feature!!!!!!  

            If query parameters could be added to the access logs, they will contain the history of page moves and permission changes. It would take a bit of parsing to make sense of it, but it would at least be there.
            CONF-17202

            Ransom Christofferson added a comment - If query parameters could be added to the access logs, they will contain the history of page moves and permission changes. It would take a bit of parsing to make sense of it, but it would at least be there. CONF-17202

              Unassigned Unassigned
              mseager Michael S
              Votes:
              174 Vote for this issue
              Watchers:
              107 Start watching this issue

                Created:
                Updated: