Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8521

Admin can view a page, which is restricted to them by typing in the url to that page.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • High
    • None
    • 2.5
    • None

    • Standalone Solaris 10 Unix with JDK 1.5

    Description

      When a group sets the permissions on a page to view and edit only for that group, the admin can view the page by typing in the url. This should not be the case. Many gourps want to post secure information and not allow the admin to view it.

      Knowing that the admin could remove the restrictions on the page and view the page is OK since we know that this could be detected. But the ability for them to type in the url to a page and view it isn't acceptable.

      I assume this affects all versions that allow page restrictions.

      Attachments

        Issue Links

          relates to

          Suggestion - CONFSERVER-4616 Remove/rework special privileges of confluence-administrators ("superuser") group

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              efe4717defd2 Matt Klein
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: