Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-38298

Anonymous space permission allows anyone who logged-in to access space, even when global permissions are set to prevent anonymous access


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Medium Medium
    • None
    • 5.8.5
    • None

      The Space Admin functionality allows a space to have 'Anonymous Access' allowed and displays the following warning:

      Anonymous users will not be able to view this space, because they have not been granted the global ‘Use Confluence’ permission. You can grant anonymous access to Confluence from global permissions.

      When a user is using Confluence while not logged in, they are using it anonymously.
      For example: Enabling anonymous 'commenting' permission, allows non-logged-in users to make comments in this space.

      The global permissions of the Confluence environment prevents anonymous users from accessing Confluence.

      However, a user that is permissioned to Confluence (has valid login account) but does not belong to a group that is currently permissioned to the space is now able to access the space.

      e.g think about the below scenario.

      User has access to Space A only, but space B has been given anonymous access and global configuration is set to prevent anonymous access.

      In this case user can access Space A and space B

      This is misleading and something is not correct. At least the warning in Space permission admin page.

      This is same as CONF-28946, but creating this issue to highlight the same.

            Unassigned Unassigned
            416d7f769200 Ishan Liyanage
            0 Vote for this issue
            3 Start watching this issue