https://getsupport.atlassian.com/browse/CSP-314628

The aforementioned workarounds won't prevent a logged in user from seeing every other user by searching for * (with type: user) /dosearchsite.action?cql=siteSearch+~""+and+type%3D+"user"&queryString=

Please at least provide a way to disable searching for users completely if fine-grained controls cannot be implemented quickly

the "people who can view" feature can allow anonymous users browse all the user list, regardless of the "-Dconfluence.disable.peopledirectory.all=true" option that we have set. This seems pretty serious to me.

This is quite serious indeed!

Since Atlassian can't be bothered, here are the workarounds I've found (so far...):

1) Deny locations in webserver config (e.g. Apache reverse proxy in front of Confluence):

<Location "/plugins/gatekeeper-plugin/who-can-view/">
    Require all denied
</Location>

<Location "/browsepeople.action">
    Require all denied
</Location>

2) In Confluence admin: Manage apps -> Confluence Mentions Plugin -> Disable

The "People who can view" can probably also be disabled by disabling some modules of the "gatekeeper-plugin". Please share if you find better workarounds!

Does someone know when this problem is solved?

Are we also aware that the "people who can view" feature can allow anonymous users browse all the user list, regardless of the "-Dconfluence.disable.peopledirectory.all=true" option that we have set. This seems pretty serious to me.

Hi all

It is a legal problem if unrelated third parties can access your personal information (and vice versa) just because you chose to interact with a software company which is using Confluence for their documentation (and Jira for task management).

Disabling the people directory is not a viable cure, as it reduces the value of Confluence notably.

Confluence and Jira should allow to restrict the people directory content to users allowed to access a certain space or project. A bit more sophisticated would be a configuration of the people directory content available to certain user groups - a filter per user group or something along these lines.

I know, that doesn't make Confluence incredibly quick, but it would be a lot easier to work with law-abiding companies from the medical, fintech and hightech sectors if that functionality would be available. We really need to be able to control what personal information is available to whom. 

Continued failure to provide such a feature makes Confluence and Jira non-GDPR compliant, so speed is essential here.

Yours truly

Peter

We are surprised this functionality doesn't exist as part of the core security functionality. This should be basic that we don't allow our clients from one project to see the names of the clients from another project. It feels awful to have to tell our clients that we can't hide their information from others and it leaves them questioning how much of their data can others see. Of course others can't see their project space, but this puts that concern square in front of them.

I did see in the chain above that there is an add-on for this functionality. Which I was super excited about until I looked at the pricing. Obviously, lots of people want this functionality and will apparently pay for it? It's really too bad that this is the highest-price app I've seen and it addresses basic functionality that should be part of the tool set.

At some point, after 13 years, I would hope (expect) this to be included as base functionality.

Hi Alex,

Not defending Atlassian's approach to these feature requests / issues, in any way, shape, or form.  Don't suggest I am because I am not I can assure you.

However, I disagree that Atlassian is 'at least' as unprofessional as Kaspar.  Is Atlassian 'unprofessional' in the way they have handled these issues? Yes, incredibly and it should and probably has cost them a small amount business. 

But in 'at least' (i.e. read as 'the same or worse') than Kaspar?  Ultimately not.

"is not a sign for failing composure of an individual but much more the condensed frustrations of 13 years".  Yes frustrations understandable, but this is incorrect: Kaspar's outburst was a textbook definition of failing composure, and I don't think there's any other way of looking at it.  This person displayed an example of not maintaining composure - entirely evident by the fact they (or someone) deleted the comments after the fact.  No-one should behave this way in a professional environment - no-one.

Wholeheartedly agree with you here though: "We all want this resolved; And Atlassian willingly ignores their customers. That's what's up."

I left the exact same sentiment on a survey they recently sent me.  What got me the most was they only just sent a bulletin on new features in Confluence titled "You asked, we listened".  You can see where I may have went with this on my responses... 

Hello
Sorry but as far as I am aware of, and according to linked Suggestion issues, both Server and Cloud editions are still facing this security/privacy trouble.
Notice that the "mention" features (key shortcut @) in both Confluence and Jira are facing this trouble too as "anyone can browse any other users in directory".
When a company expects to comply ISO 27001 or GDPR in a "mutual instance" - meaning hosting multiple projects and customers/partners in a single system (to reduce operation, maintenance and license costs of course), this "openness" spirit is really annoying.
Regards. Yves Martin

Hi Stuart,

While I can see and respect where you are coming from ("Professionalism and kindness as base values", which I normally support), I cannot help but write that Atlassian is at least as unprofessional as Kaspar, if not even more so. Kaspar's comment, in all its imperfectness, is for me not a sign for failing composure of an individual but much more the condensed frustrations of 13 years of people waiting for this issue to be tackled.
The Server Version apparently has this issue resolved, so why not us? Us, the small companies that rely on cloud services because server maintenance is not an option. And Us, the mid-sized companies that grew their JIRA-space and fully integrated it into their daily workflows

Let's not get this issue between us. We all want this resolved; And Atlassian willingly ignores their customers. That's what's up.

Take care,

Alex

Kaspar - that's incredibly immature and unprofessional.  You need to grow up, and I hope your customers discover the way you treat your vendors and suppliers.

I only see one loser here.

8 months since last comment in here - I hereby +1400 to this, as we may be forced to use another collaboration tool because of this specific issue.

Please, any acknowledgement from Atlassian on this would be appreciated.

Crap support. Trash product. Did not renew our license

Same question here. 12 years and not prioritized yet?

I'm really curious why this ticket is 12 years old, and still Confluence is not compliant to privacy policy rules. This is a critical issue for all your EU customers. 

>  At this stage we do not have a way to control who can browse the people directory.

Space Privacy App can do it, so why not the core product.

Hello, is it possible to somehow completely disable the "People" functionality also in cloud instance of the Confluence?  We have users from different companies accessing our Confluence and with this feature (when everyone can see everyone), we really cant use it.

Have a look at the Confluence App Space Privacy on the Atlassian Marketplace. I think this App could solve your problem, because it allows you to create isolated extranet spaces. All people in an extranet space are able to see only those people in Confluence (people directory, mentions, search etc.) with whom they share an extranet space. 

@Atlassian - thanks for the december update. We very much second what Mr. Ewert of Audi wrote - you cannot at the moment comply with the GDPR when using Confluence for internal and external collaboration.

Kind regards,
Lukas Kolbe

+1400 from our organisation, if you use Confluence as an Enterprise Intranet and Collaboration tool like we do, neither deactivating nor keeping the people directory open is an option. This is a dead end. 

I support the last statement by the Audi team. Our data privacy officer has the same concerns. According to him, all EU customers of Atlassian Confluence that have mixed teams of internal users and external users and use Confluence in the standard configuration are violating GDPR and may be subject to a fine of up to  4% of the worldwide annual revenue. The only options would be to disable the people directory completely (with drawbacks in usuablitiy) or to use a workaround with an App from the Confluence app store.

@Atlassian

If you really "take the GDPR requirements seriously" you may want to hire an expert that shows you what legally required features your product should provide to customers to be able to legally use it in one of the biggest markets in the world and to fasttrack these issues.

Dear Sir or Madam,

We also want to participate in this ticket and show our need for an improved separation and an extended rights concept within CONFLUENCE and JIRA.

In our daily work we use ATLASSIAN products internally as well as with our external service providers. Different teams work together on projects and therefore have access to our CONFLUENCE and JIRA, too. Due to the regulations of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)it is not acceptable for us that every user can see all existing users in our environment.

This applies in particular to the following functions:

• People Directory
• @mentions
• Search function
• Creator / Participants fields inside issues
• etc.

To solve this data privacy challenge we need a separation of the spaces within CONFLUENCE and JIRA, functional permissions based on an extended rights & roles concept as well as the possibility to restrict certain functions globally.

Are there any plans to implement such features in the near future?

Kind regards
Audi Business Innovation GmbH

Please do this.  

Has anyone considered this in connection with the GDPR?
We may have to switch to another solution because our CSO found a violation here...
Please reconsider a short-term solution.

pleaseee do it!!! 

This would be a solution, but rises costs up to 25%. 

For Confluence Server you can use Space Privacy. It restricts the People Directoy, @mentions, search and other functions where users can be found. 

Found this picture elsewhere. Please get this done, maybe this little motivation helps?

Must have for confluence instances that are opened to external users.

It's disappointing to hear that Atlassian has a setting support can enable that will reduce the scope of this issue yet they won't surface this feature to make it customer accessible nor move the setting forward with upgrades.

Our solution was to give alias email addresses to the contacts we wanted to mask, but in the end, the only thing that proved truly bulletproof was to give up.  we now don't have a number in confluence because of this lack of segregatability.  Odd that even Basecamp - arguably the most limited pm tool - provides users with the ability to fence off flagged users so they have limited visibility into content, tickets, and users, while Atlassian provides no such offering.  Not yet....but hoping someday soon!!!

Yes, you can get them to hide the people directory tab (or button - I've forgotten), but if you type @m (mentions) anywhere in Jira or Confluence you get the list.  I have adapted by asking my client users to make an email account of which they share, but does not provide real names/emails.  This does not provide good traceability for us, does not make Atlassian look very good, and is overall embarrassing. But until they fix this, it is the best I can figure out. If anyone has been able to get rid of the @m feature, I'd love to know.

To all: there is a workaround to hide this "People's Directory" in cloud version, and actually it's very simple... just ask Atlassian support for that. I just asked them to remove it from my Confluence cloud, and they did it. Here is their answer:

"I have applied the workaround to hide the people directory on your instance, One thing to note is that I cannot guarantee that the change will be permanent, and may be removed at any time without warning."

So it looks like it can be done on demand, but actually it is not super stable solution. They can revert the change anytime.

I suppose it's better than nothing...

We were migrating to Confluence and Jira cloud this week.  We had customized our Confluence Server instance to hide user profiles.  We just found that not only are the profiles available, but the updated UI in the latest Confluence makes it very easy to search all people.  We cannot have our customers seeing other customers in our system.  We are going to have to go back to Confluence Server until this is resolved.  Very disappointing!

+10 years?! Ow, c'mon!

This is really must-have feature for us (in Cloud version). Otherwise we cannot share our Confluence with different customers...

This missing feature hinders us from working with Confluence on several clients. This is really a major issue. Ten years without a solution, have we chosen the right software?

Hi Adam,

 as Jens mentioned, this is 10+ years old feature request. Can you guys hurry up?

I do understand the complexity of this, but still...10years!

Hey Adam,
regarding your December update, i can only say: hurry up. This feature wish is ten years old. That should be enough time to find a working solution.

Glad there is a workaround for server users. There are a ton of cloud users that will be affected by this though.

I think the solution for this problem could be the confluence server app Space Privacy. 

You can work with external users in isolated spaces. So if you add the external A in space A and the external B in space B they can not see and find each other, just other users in their space. Also they can only see those internal users which are in space A and B. This works for the search, user directory etc. so it should be a solution for the EU General Data Protection Regulation (right on personal images etc.)

Regarding this problem and EU General Data Protection Regulation (GDPR, see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation ) -

We are expecting troubles after GDPR is enforced (May, 2018). Technically, if a resource with Confluence is publically available and there is no way to reasonably narrow visibility (or disable it personally for particular users) it violates the rules. The possible fine will be up to 20000000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year.

May you please comment this risk?

Just in case it is not clear from the note in the description, this ticket has been cloned into separate Cloud and Server tickets.
This ticket is for the Server discussion, please see CONFCLOUD-7837 for Cloud related votes/comments.

Cheers,
Adam - Confluence PM

Does anyone know of a plug-in for the Cloud solution that fixes this issue?

You can even extend the wording to:
"Atlassian has no intention of fixing bugs because this is obviously part of their business model."

Many bugs or missing core features can be patched by installing (non-free) plugins. We have fixed this issue by installing the Private Parts add-on on our Confluence Server. This works as expected, but we were required to completely restructure our permission concept.

{quote}

... but Atlassian apparently has no intention of fixing it for cloud users

{quote}

this is not cloud-specific.  Better wording of your complain is

"Attlassian has no intention of fixing bugs." 

(this is true at least for bugs which existed already in versions before the current main version, e.e. now 6.x)

and, btw, the "instructions on how to disable this in your self-hosted instance" (written by the product manager a year ago) is an incomplete work-around. There are still several doors open to interested users to see other users' records which we don't want them to see. It's only less obvious, but it does not fulfill the criteria of "personal data protection".

Thanks, Frances!  I'll let the beating begin!

Sorry Mathew, but Atlassian apparently has no intention of fixing it for cloud users.  This ticket was created in 2007,  and no matter how many people complain, Atlassian is tone deaf for the cloud users.  It is astonishing.

But if you beat on them (and yes, you have to beat on them because some will give you long, creative explainations of why it cannot be done), you can get them to disable the People Directory button for you.  It does not remove the @mentions, and it is a pretty lame solution, but it is better than nothing.

I'm also looking to shield a group from the People Directory.  I'm surprised this isn't available out of the box, even for cloud users, as am I.  I hope we can get this feature released soon!  thanks!

We have a solution which addresses working with external parties in Confluence. We've restricted the people directory, at-Mentions, some macros, search, ... - based on extranet spaces, in which external users work together. People are only allowed to collaborate with others who they share an extranet space with. It's named "Space Privacy - Extranet for Confluence" (only available for server instances).

Yes - cloud for me as well.

any updates from Atlassian ? The last update was a year ago.

We too need to disable the People Directory AND limit the scope of @mentions for security/privacy reasons.

This issue was originally opened in 09/Feb/2007 8:13 AM in 10 years you still have no answer....

Thanks a ton - I'll open a case and get the directory turned off. @mentions are a bit bad, but no where near as bad as a directory.  Your comments much appreciated.

Yes - cloud for me as well.

Yes, cloud.  Try @ mentions to see if that is a show stopper for you.  Equally as bad in our case.

Thanks for the comments that they can turn this off - I'll open a support ticket.  Just to confirm - this is Confluence Cloud - not a local instance ... 

Yes, they can turn off the People directory menu item but "@ mention" still gives you the list of all the names in the system, and in some cases their emails.

Stephen,
They can turn it off the directory for you. I had one group tell me they could not turn it off, with a boatload of elegant nonsense as to why not, and meanwhile another (more competent) support guy turned it off for me without a problem (I had 2 support tickets open).

The directory is not, in fact, of much value, but is a HUGE security privacy issue.  We use Confluence for our customers and it provides far to much cross customer visibility.

As others have indicated - bump this up and fix it.

You don't need anything complicated - just allow us to disable directory browsing.