Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-28946

Anonymous space permission allows non-permissioned groups to access space, when global permissions are set to prevent anonymous access


      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      The Space Admin functionality allows a space to have 'Anonymous Access' allowed and displays the following warning:

      Anonymous users will not be able to view this space, because they have not been granted the global ‘Use Confluence’ permission. You can grant anonymous access to Confluence from global permissions.

      The global permissions of the Confluence environment prevents anonymous users from accessing Confluence.

      However, a user that is permissioned to Confluence but does not belong to a group that is currently permissioned to the space is now able to access the space. Examples of this behaviour have been attached.

      Removing the anonymous flag from the space will then prevent this user from being able to access the space. You can use the following query to identify spaces with Anonymous permissions enabled:

      SELECT spacename, 
      FROM   spaces 
      WHERE  spaceid IN (SELECT spaceid 
                         FROM   spacepermissions 
                         WHERE  permgroupname IS NULL 
                                AND permusername IS NULL); 


        1. adding_comment_on_space.jpeg
          365 kB
          Paul Greig
        2. global_permissions.jpeg
          326 kB
          Paul Greig
        3. profile_only_users_group.jpeg
          45 kB
          Paul Greig
        4. space_permissions.jpeg
          481 kB
          Paul Greig

            mswami@atlassian.com Mahesh Swami
            pgreig Paul Greig
            31 Vote for this issue
            48 Start watching this issue