-
Bug
-
Resolution: Duplicate
-
Medium
-
None
-
5.8.5
-
None
The Space Admin functionality allows a space to have 'Anonymous Access' allowed and displays the following warning:
WARNING
Anonymous users will not be able to view this space, because they have not been granted the global ‘Use Confluence’ permission. You can grant anonymous access to Confluence from global permissions.When a user is using Confluence while not logged in, they are using it anonymously.
For example: Enabling anonymous 'commenting' permission, allows non-logged-in users to make comments in this space.
The global permissions of the Confluence environment prevents anonymous users from accessing Confluence.
However, a user that is permissioned to Confluence (has valid login account) but does not belong to a group that is currently permissioned to the space is now able to access the space.
e.g think about the below scenario.
User has access to Space A only, but space B has been given anonymous access and global configuration is set to prevent anonymous access.
In this case user can access Space A and space B
This is misleading and something is not correct. At least the warning in Space permission admin page.
This is same as CONF-28946, but creating this issue to highlight the same.
- is related to
-
-
- Closed
-
- relates to
-
CONFSERVER-11553 Improve the explanations for Not Permitted error
- Closed
[CONFSERVER-38298] Anonymous space permission allows anyone who logged-in to access space, even when global permissions are set to prevent anonymous access
Dear
{name}This ticket has been marked as duplicate. Please follow the progress here https://jira.atlassian.com/browse/CONF-28946
Thanks,
Minh Tran
Confluence BugMaster
Atlassian
Hi Minh,
this issue is open since 15/Apr/13 and should be fixed.
Kind regards
Ed