-
Type:
Suggestion
-
Resolution: Unresolved
-
None
-
Component/s: User - Global / Space Permissions
-
None
-
1
Problem Definition
- Create some page restricted to user A.
- Login Confluence with user B.
- Access to the page created in step 1.
Then you will see the "No permission" screen. However it's responded as 200.
This was confirmed in Confluence 6.8.1.
Suggested Solution
It should return 403 forbidden or 404 not found.
Why this is important
- When thinking of page access audit with How to Enable User Access Logging, there's no way to detect "No permission" access attempt.
