Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-24817

Confluence Pages visible to all users if they are able to access directly via URL or through Recently Updated.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Support Request
    • Icon: Highest Highest
    • None
    • 4.1.3
    • None

      A customer user was able to post a comment to a page under a "Private" Page. Our "Private" Pages have View restrictions to Employees and Contractors only. Customers should not be able to view Private Pages.

      Steps to recreate:
      1) Log into Confluence as Kevin Barnes.
      2) Browse to Office Space.
      3) Private folder is not visible.
      4) Select a Private Page from "Recently Updated" section.
      5) This user is able to access the Page.

      Checked Permissions:

      • Kevin Barnes is setup as a Customer in Crowd within jira-users, confluence-users, QuickLive Customers and Office Customers groups.
      • When a page is specifically restricted, he is not able to view.
      • Child pages of restricted pages are visible by either URL or through Recently Updated items.

      Immediate Workaround: Removed "Recently Updated" sections from spaces.

      Confirmed documentation for Atlassian shows that child pages should inherit View restrictions from parent pages in hierarchy:
      "If a page has its 'View' restriction set, that restriction will be inherited by all its children (and their children, and so on)."
      http://confluence.atlassian.com/display/DOC/Page+Restrictions

      Is this an issue with View Restrictions in Confluence 4.1.3?

      Also, we are seeing recent issues with Search Indexing. Could this be related to Search Indexing if indexes are not picking up View Restrictions?

              rgoodwin Ryan Goodwin (Inactive)
              e57cdb5aa3ac Annie Abrams
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: