Please see https://support.atlassian.com/browse/CWDSUP-323 for details.
Summary: By having the group "confluence-administrators" hardwired we can not partition administrative rights when using multiple confluence instances and CROWD.
The administrative group is currently hardwired into confluence. This design leaves some room for improvement
Suggestion: Make the administrative (superuser) group (which is currently confluence-administrators) configurable, so that we can have things like
service.confluence-adminsitrators and topsecretprojects.confluence-administrators.
This is critical for us as we can not do the integration without (see the CROWD ticket for details)