• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 5.10.1, 6.9.0
    • Integrations - Jira
    • None

      Summary

      When a Service Desk user access a TinyLink of a "Service Desk Knowledge Base", the user gets a "Not Permitted" page, however, if this same user access the full URL of the space, he is able to access that specific space.

      According to CONFSERVER-45631, "Unlicensed users can only access the spaces if they have the direct links", however, the link of the space is working, only its TinyURL that isn't.

      We can see that it appears that there's a layer when Confluence is redirecting the URL that is not accessible for Service Desk Users, but this layer should not be active when the space is linked to Service Desk.

      Environment

      • Confluence
      • Service Desk

      Steps to Reproduce

      1. Connect Confluence with Service Desk.
      2. Create a test space.
      3. Link this new space to a Service Desk Project(Service Desk Knowledge Base).
      4. Create a Service Desk User.
      5. Access the full URL of the space just to confirm that the unlicensed user can view it.
      6. Go back to the space, get its TinyURL and share with the Service Desk user.

      Expected Results

      The user will be able to view the space through its TinyURL.

      Actual Results

      The user gets a "Not Permitted" page.

      Notes

      • Same problem doesn't happen with Anonymous Users, only with Service Desk users. Ensure that Anonymous access is disabled in order to confirm the problem.
      • This can be a blocker if customers are sharing TinyLinks to their customers.

      Workaround

      If you are able to share the full link, use it instead of the space's TinyURL. If you are not able to do that, then there is no other workaround.

            [CONFSERVER-55964] Space's TinyURL not working for Service Desk users(unlicensed)

            This issue is affecting our version of Confluence Data Center 8.5.20

            patlingrao_christopher added a comment - This issue is affecting our version of Confluence Data Center 8.5.20

            It's 2025 and there is still no fix. This is sad!

            Linux Administration StMELF added a comment - It's 2025 and there is still no fix. This is sad!

            Matt Ryall from Atlassian said...

            "the behaviour for tiny URLs will always be the same as if you visited the page directly".
            (https://jira.atlassian.com/browse/CONFSERVER-7073?focusedId=149240&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-149240)

            Breaking a promise to a customer should be given utmost severity, not minor. Please re-evaluate this issue.

            ps: giving read-access permission to the group the user belongs to doesn't fix the problem either.

            JIRA ADMINS CSCS added a comment - Matt Ryall from Atlassian said... " the behaviour for tiny URLs will always be the same as if you visited the page directly ". ( https://jira.atlassian.com/browse/CONFSERVER-7073?focusedId=149240&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-149240 ) Breaking a promise to a customer should be given utmost severity , not minor. Please re-evaluate this issue. ps: giving read-access permission to the group the user belongs to doesn't fix the problem either.

            Workaround if proxying Confluence via Nginx. Required ngx_http_perl_module: http://nginx.org/en/docs/http/ngx_http_perl_module.html

            1. Create tinyurl.pm:
              package tinyurl;
              
              use nginx;
              use MIME::Base64;
              
              use constant URL => '/pages/viewpage.action?pageId=';
              
              sub decode {
              	my $r = shift;
              	my $id = $r->filename;
              
              	# Transform tiny string to base64 string
              	$id =~ s/(.*)\///ge;
              	$id .= "A" x (8 - length($id));
              	$id =~ tr/-/\//;
              	$id =~ tr/_/+/;
              
              	# Convert base64 string to page ID
              	$id = decode_base64($id);
              	$id = unpack('L', $id);
              
              	# Redirect to page
              	$r->status(302);
              	$r->header_out('content-length', 0);
              	$r->header_out('location', URL . $id);
              	$r->send_http_header('text/html');
              
              	return OK;
              }
              
              1;
              __END__
              
            2. Edit nginx.conf:
              load_module "ngx_http_perl_module.so";
              …
              
              http {
              	perl_require tinyurl.pm;
              	…
              
              	server {
              		server_name confluence.example.com;
              		…
              
              		location /x/ {
              			perl tinyurl::decode;
              		}
              	}
              }
              
            3. Restart nginx.

            Pavel Mezhuev added a comment - Workaround if proxying Confluence via Nginx. Required ngx_http_perl_module: http://nginx.org/en/docs/http/ngx_http_perl_module.html Create tinyurl.pm: package tinyurl; use nginx; use MIME::Base64; use constant URL => '/pages/viewpage.action?pageId=' ; sub decode { my $r = shift; my $id = $r->filename; # Transform tiny string to base64 string $id =~ s/(.*)\ ///ge; $id .= "A" x (8 - length($id)); $id =~ tr/-/\ //; $id =~ tr/_/+/; # Convert base64 string to page ID $id = decode_base64($id); $id = unpack( 'L' , $id); # Redirect to page $r->status(302); $r->header_out( 'content-length' , 0); $r->header_out( 'location' , URL . $id); $r->send_http_header( 'text/html' ); return OK; } 1; __END__ Edit nginx.conf: load_module "ngx_http_perl_module.so" ; … http { perl_require tinyurl.pm; … server { server_name confluence.example.com; … location /x/ { perl tinyurl::decode; } } } Restart nginx.

            Nicolas PR added a comment - - edited

            This issue is a real problem for our company ... 

            We sent unreliable links to our customers (service desk users) throught the tinyUrl option. It's an addition to the others permissions issues with servicedesk users (https://jira.atlassian.com/browse/CONFSERVER-45631  since 2016  ?!)

            We haven't any solution to resolve this (except rewriting all ours links already sent) ....  It's pretty annoying, cause we took Jira and Confluence to avoid this kind of issues, but the service desk users are unable to do anything (not permitted on '/', on search, on tinylink, ... ) and we have a redirection plugin to manage some of theses issues.
            It's really surprising for us to discover all theses issues with service desk users licenced and we still surprised with this link issue....

            Nicolas PR added a comment - - edited This issue is a real problem for our company ...  We sent unreliable links to our customers (service desk users) throught the tinyUrl option. It's an addition to the others permissions issues with servicedesk users ( https://jira.atlassian.com/browse/CONFSERVER-45631   since 2016  ?!) We haven't any solution to resolve this (except rewriting all ours links already sent) ....  It's pretty annoying, cause we took Jira and Confluence to avoid this kind of issues, but the service desk users are unable to do anything (not permitted on '/', on search, on tinylink, ... ) and we have a redirection plugin to manage some of theses issues. It's really surprising for us to discover all theses issues with service desk users licenced and we still surprised with this link issue....

            Kim Kryger added a comment -

            We use Scroll Viewport along with Scroll Versions, and this makes it difficult to send customers links to pages whose names may change, as the URL's we are using are hierarchical in nature. It would look more professional to send them TinyLinks, than a long URL to a specific page.

            Kim Kryger added a comment - We use Scroll Viewport along with Scroll Versions, and this makes it difficult to send customers links to pages whose names may change, as the URL's we are using are hierarchical in nature. It would look more professional to send them TinyLinks, than a long URL to a specific page.

              Unassigned Unassigned
              gviana Guilherme V. (Inactive)
              Affected customers:
              21 This affects my team
              Watchers:
              21 Start watching this issue

                Created:
                Updated: