Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8521

Admin can view a page, which is restricted to them by typing in the url to that page.


    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: High High
    • None
    • 2.5
    • None
    • Standalone Solaris 10 Unix with JDK 1.5

      When a group sets the permissions on a page to view and edit only for that group, the admin can view the page by typing in the url. This should not be the case. Many gourps want to post secure information and not allow the admin to view it.

      Knowing that the admin could remove the restrictions on the page and view the page is OK since we know that this could be detected. But the ability for them to type in the url to a page and view it isn't acceptable.

      I assume this affects all versions that allow page restrictions.

            Unassigned Unassigned
            efe4717defd2 Matt Klein
            0 Vote for this issue
            0 Start watching this issue