Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
6.14.0, 6.13.4, 6.15.4
-
None
-
2
-
Severity 3 - Minor
-
Description
Issue Summary
Members of the confluence-administrators group are treated as a special user in Confluence as described in Global Permissions Overview.
This documentation states that members of that group would still consider the Space Permissions and Page Restrictions when editing a page. However, there's no reference whatsoever to creating a new page, which uses the same permission on the Space level.
The problem is that even when the Add pages space permission is revoked from all groups and users within a Space, members of the confluence-administrators can still create a page in that Space, while editing an existing page isn't possible.
It would be expected that consistency occurs among the same space permission, preventing members of the confluence-administrators from creating pages in the above situation.
Environment
- This was validated on Confluence Server 6.13.4 and 6.15.4.
- It is expected this bug affects any version prior to, and including, 6.15.X.
- This also affects Confluence Data Center deployments.
Steps to Reproduce
- Install a vanilla instance of Confluence.
- Create a sample Space.
- Logged with an user part of the confluence-administrators group, edit the permissions of this Space.
- Make sure only the confluence-users group has permissions assigned, removing any other group and users.
- Make sure only the View and the Space Admin permissions are assigned to the confluence-users group.
- Go back to the Home Page of the target space and note that the Edit button in that page is gone.
- Click on the Create blank page button.
Expected Results
Confluence doesn't allow a page to be created in the current Space, since the Add Page Space permission was revoked from all groups and users in that Space.
Actual Results
Confluence still allows users of the confluence-administrators group to create a page.
Notes
If trying to create a page using a template other than the blank page, for example the How-to article template, the admin is able to navigate through the template form, but creating the page fails with a Not Permitted error page as the image below.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.