Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
5.7, 7.1.1
-
3
-
Severity 2 - Major
-
1
-
Description
Bug Background
Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation here
The 'confluence-administrators' group defines a set of 'super-users' who can access the Confluence administration console and perform site-wide administration. Members of this group can also see the content of all pages and spaces in the Confluence instance, regardless of space permissions. They cannot immediately see the pages that exclude them via page restrictions without knowing the direct URL to the page. They can remove the page restrictions via the Space Administration screen if need be. For example, they will not see restricted pages displayed by the children macro. But they are able to access restricted pages directly using the page URL.
The above documentation confirm that super-users should follow the following points:
- See all content of all pages and spaces in the Confluence instance.
- They cannot immediately see the pages that exclude them via page restrictions without knowing the direct URL to the page.
- For example, they will not see restricted pages displayed by the children macro. But they are able to access restricted pages directly using the page URL.
- They can remove the page restrictions via the Space Administration screen if need be.
The second point clearly describe that Confluence super-users can only access restricted page only through direct URL and no other method. We have confirmed that the following feature won't reveal restricted page to super-users
- Search function
- Recently-updated macro
- Children Macro
However the following features does not hide the restricted page as describe in the following screenshots:
In this scenario, Restricted page is restricted for all user except for one user. However the following features still provide the link to this page to super-users
- Navigation Panel in Default Theme
- Page Tree
- Quick Search
