-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 7.3.5
-
Component/s: User - Global / Space Permissions
-
Environment:
OnDemand, BTF
-
Severity 2 - Major
-
2
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
The Space Admin functionality allows a space to have 'Anonymous Access' allowed and displays the following warning:
WARNING
Anonymous users will not be able to view this space, because they have not been granted the global ‘Use Confluence’ permission. You can grant anonymous access to Confluence from global permissions.
The global permissions of the Confluence environment prevents anonymous users from accessing Confluence.
However, a user that is permissioned to Confluence but does not belong to a group that is currently permissioned to the space is now able to access the space. Examples of this behaviour have been attached.
Removing the anonymous flag from the space will then prevent this user from being able to access the space. You can use the following query to identify spaces with Anonymous permissions enabled:
SELECT spacename,
spacekey
FROM spaces
WHERE spaceid IN (SELECT spaceid
FROM spacepermissions
WHERE permgroupname IS NULL
AND permusername IS NULL);
Cheers,
Paul