The new Inspect permissions feature does not respect nested groups. This also applies to the "people who can view" feature.
- Use an external user directory server
- Have a user who is directly in group ChildGroup, which is a child group of ParentGroup
- Ensure the user is known to confluence, e.g. by logging in as them.
- Give ParentGroup permission to do something in Confluence. E.g. give ParentGroup access to view pages in a space
- Inspect permissions for the user
The permissions for the user should show that the user gets permissions from ParentGroup
The permissions for the user disregard permissions from ParentGroup
To check if you are impacted by this issue, please run the following query on your database:
If this query returns one or more results, then you are impacted and permissions assigned to the resulting parent/intermediate groups won’t be recognised by the People who can view or Inspect permissions features.
Please note that this doesn’t mean that these permissions aren’t enforced, it just means that the Inspect permissions and People who can view features will not reflect them.
If you are impacted by this issue, we recommend you go to Manage Apps and temporarily disable the Inspect Permissions - Gatekeeper system app. This will disable the People who can view and Inspect Permissions features, and prevent users and admins relying on information that is incorrect.