[CONFSERVER-43671] As a Confluence administrator I would like to disable the 'Show Changed Content' to all users

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
- affects-server

UIS:
14
Support reference count:
20
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

Problem Definition

By default, the Show Changed Content functionality is enabled to all users as described in the product documentation: Email Notifications.

This functionality may overload the Confluence server and/or the email infrastructure if many changes in pages occur at the same time.

Currently, there's no way for the Confluence administrator to disable this functionality to all users.

Workaround

The following KB describes a workaround to disable this functionality to all existing users in the database.
How to disable Show Changed Content to all users

relates to

CONFCLOUD-43671 Ability to disable "Show Changed Content" site-wide

Gathering Interest

m4nu3l14 added a comment - 05/Mar/2024 8:25 AM

In some environments, Confluence can contain restricted data, which by security policy is not allowed to end up in an email. Thus we currently have to disable ALL emails from Confluence and Jira which drastically limits our collaborative experience. Therefore this feature is necessary for us to be able to work with emails notifications. Please prioritize.

m4nu3l14 added a comment - 05/Mar/2024 8:25 AM In some environments, Confluence can contain restricted data, which by security policy is not allowed to end up in an email. Thus we currently have to disable ALL emails from Confluence and Jira which drastically limits our collaborative experience. Therefore this feature is necessary for us to be able to work with emails notifications. Please prioritize.

Steffen Becker added a comment - 18/Dec/2023 1:03 PM

We also need this feature to fulfill a security requirement.

Please prioritize.

Steffen Becker added a comment - 18/Dec/2023 1:03 PM We also need this feature to fulfill a security requirement. Please prioritize.

Rigoberto added a comment - 10/Oct/2023 9:13 PM

Bump

Rigoberto added a comment - 10/Oct/2023 9:13 PM Bump

Keith Sottung added a comment - 24/Jun/2023 3:47 PM

We use spaces to maintain sensitive system functional information that should NEVER NEVER leave confluence. When we found that if a user selects email notification: 'Show Changed Content' allows information be copied to an email and sent out, we were quite alarmed and upset.

Its very important that this be a Space Admin over ride option. It is the Space Admin who should have right to lock down the information from being emailed out where the email could be accidently forwarded.

Keith Sottung added a comment - 24/Jun/2023 3:47 PM We use spaces to maintain sensitive system functional information that should NEVER NEVER leave confluence. When we found that if a user selects email notification: 'Show Changed Content' allows information be copied to an email and sent out, we were quite alarmed and upset. Its very important that this be a Space Admin over ride option. It is the Space Admin who should have right to lock down the information from being emailed out where the email could be accidently forwarded.

Joe Johnstone added a comment - 02/Aug/2022 9:00 PM

Disabling this is very important for sites that have sensitive information

Joe Johnstone added a comment - 02/Aug/2022 9:00 PM Disabling this is very important for sites that have sensitive information

John Winstanley added a comment - 12/Oct/2020 1:24 PM

I think this is a really important issue.
1000s of companies use confluence.
1000s of pages of sensitive data that are thus being sent via email everyday.
It feels very insecure.

John Winstanley added a comment - 12/Oct/2020 1:24 PM I think this is a really important issue. 1000s of companies use confluence. 1000s of pages of sensitive data that are thus being sent via email everyday. It feels very insecure.

Chris Held added a comment - 12/Sep/2019 1:47 PM

The comment above describes the same issue we have! :/

Chris Held added a comment - 12/Sep/2019 1:47 PM The comment above describes the same issue we have! :/

Daphne Thunnissen added a comment - 05/Sep/2019 12:42 PM - edited

In the Netherlands we have something called the BIR. In this document there are rules concerning the way content is shared and what can and cannot be done. 1 Of the problems is that content with the status "confidential" can only be shared through e-mail which is encrypted and the content is in a password protected file.

So if we start using Confluence and we create a page which has confidential content it cannot be emailed. We can as a rule ask all the users to disable the possibility to uncheck the "Show changed content" in their settings but there is no way to check this. This is therefore not an option.

We have tried the solution https://confluence.atlassian.com/confkb/how-to-globally-disable-e-mail-notifications-with-page-content-718670714.html but still this doesn't work. The mention functionality doens't work anymore. When you are a watcher you do not get warnings that a page is changed or a comment is made. The text of a blog will be send completely.

The solution above (https://confluence.atlassian.com/confkb/how-to-disable-show-changed-content-to-all-users-407725054.html) is not a solution for us. We can't afford to have people changing there settings and being able to get classified content in their email.

I can't imagine that this effects so few companies with all the security scandals these days.

Daphne Thunnissen added a comment - 05/Sep/2019 12:42 PM - edited In the Netherlands we have something called the BIR. In this document there are rules concerning the way content is shared and what can and cannot be done. 1 Of the problems is that content with the status "confidential" can only be shared through e-mail which is encrypted and the content is in a password protected file. So if we start using Confluence and we create a page which has confidential content it cannot be emailed. We can as a rule ask all the users to disable the possibility to uncheck the "Show changed content" in their settings but there is no way to check this. This is therefore not an option. We have tried the solution https://confluence.atlassian.com/confkb/how-to-globally-disable-e-mail-notifications-with-page-content-718670714.html but still this doesn't work. The mention functionality doens't work anymore. When you are a watcher you do not get warnings that a page is changed or a comment is made. The text of a blog will be send completely. The solution above ( https://confluence.atlassian.com/confkb/how-to-disable-show-changed-content-to-all-users-407725054.html) is not a solution for us. We can't afford to have people changing there settings and being able to get classified content in their email. I can't imagine that this effects so few companies with all the security scandals these days.

william added a comment - 20/Mar/2018 3:55 PM

Being able to disable "show changed content" for all users and not allow users to turn it back on would solve a lot of problems for us.

william added a comment - 20/Mar/2018 3:55 PM Being able to disable "show changed content" for all users and not allow users to turn it back on would solve a lot of problems for us.

Ian Appleby added a comment - 27/Feb/2017 4:23 PM

Yep, seems like a security hole, and one we've had raised internally.

I'd like to add to the initial request with the following requirements:

Enforcement (ie, stopping users changing it back) is defiantely required to make this useful.
This needs to be available on the Cloud edition also; we don't even have a workaround.

Ian Appleby added a comment - 27/Feb/2017 4:23 PM Yep, seems like a security hole, and one we've had raised internally. I'd like to add to the initial request with the following requirements: Enforcement (ie, stopping users changing it back) is defiantely required to make this useful. This needs to be available on the Cloud edition also; we don't even have a workaround.

Assignee:: Unassigned

Reporter:: Jeff Curry

Votes:: 65 Vote for this issue

Watchers:: 45 Start watching this issue

Created:: 09/Sep/2016 10:48 PM

Updated:: 4 days ago 4:13 AM

Details

Description

Problem Definition

Suggested Solution

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: m4nu3l14 added a comment - 05/Mar/2024 8:25 AM

Expand comment: m4nu3l14 added a comment - 05/Mar/2024 8:25 AM

Collapse comment: Steffen Becker added a comment - 18/Dec/2023 1:03 PM

Expand comment: Steffen Becker added a comment - 18/Dec/2023 1:03 PM

Collapse comment: Rigoberto added a comment - 10/Oct/2023 9:13 PM

Expand comment: Rigoberto added a comment - 10/Oct/2023 9:13 PM

Collapse comment: Keith Sottung added a comment - 24/Jun/2023 3:47 PM

Expand comment: Keith Sottung added a comment - 24/Jun/2023 3:47 PM

Collapse comment: Joe Johnstone added a comment - 02/Aug/2022 9:00 PM

Expand comment: Joe Johnstone added a comment - 02/Aug/2022 9:00 PM

Collapse comment: John Winstanley added a comment - 12/Oct/2020 1:24 PM

Expand comment: John Winstanley added a comment - 12/Oct/2020 1:24 PM

Collapse comment: Chris Held added a comment - 12/Sep/2019 1:47 PM

Expand comment: Chris Held added a comment - 12/Sep/2019 1:47 PM

Collapse comment: Daphne Thunnissen added a comment - 05/Sep/2019 12:42 PM, Edited by Daphne Thunnissen - 05/Sep/2019 12:43 PM

Expand comment: Daphne Thunnissen added a comment - 05/Sep/2019 12:42 PM, Edited by Daphne Thunnissen - 05/Sep/2019 12:43 PM

Collapse comment: william added a comment - 20/Mar/2018 3:55 PM

Expand comment: william added a comment - 20/Mar/2018 3:55 PM

Collapse comment: Ian Appleby added a comment - 27/Feb/2017 4:23 PM

Expand comment: Ian Appleby added a comment - 27/Feb/2017 4:23 PM

People

Dates