See our Space Privacy - FAQ for further information
Important information regarding the use of Space Privacy - Extranet for Confluence
- User directory permissions: If set to "Read only" the Space Privacy Plugin can't work properly for now.
If there was an error assigning a user to an extranet because of missing add group permission, you'll get a meaningful error message with release 1.4
- If you use an OpenLDAP or ActiveDirectory, make sure you use "Read only, with local groups" or "Read/Write" in the Permission Settings.
- If you use Atlassian Crowd, make sure you its "Read/Write" and Crowd is configured with the "Manage Groups Locally" option and has group permissions (add, modify, remove)
- Your instance should be able to send HTTP request to itself (See User and Group autocomplete returns "404-Notfound")
- Groups that are created with the Space Privacy - Extranet for Confluence Plugin should not be deleted.
- Users have to be indicated once, if you want to assign them to an extranet space
- When deleting Extranet users, the linked Confluence user remains, but is set inactive.
- Not all macros are supported by the Space Privacy Plugin -> List of currently supported macros
- Some function are disabled by Space Privacy Plugin -> List of disabled functions
If you first use Space Privacy with an evaluation key and then want to register a full licence key from marketplace, you will have to deactivate the plugin and activate it again to make sure that the plugin works correctly.
- If the creation or conversion does not work, you may check if every user directory is available. The Space Privacy Plugin uses a Confluence mechanism, which requires a valid connection to all user directories. As a workaround you may disable the broken user directory temporarily.
- If you use your Confluence instance as Extranet and Intranet, internal users may not see each other when working in visibility configuration "Global and Space Administrators and Extranet User Managers". This is a known issue and will be fixed in later releases, but there's a workaround for now. See Internal users should see each other in restricted mode
Compatibility with Confluence
Installation & Licensing
The Space Privacy - Extranet for Confluence is a type 2 add-on, please note Atlassian's installation information:
- Sign on to your Confluence as admin
- Open the admin menu and select Atlassian Marketplace. The page "Search new add-ons" will load
- Search for Space Privacy - Extranet for Confluence in the Marketplace. The matching version of the add-on will be displayed in results.
- Click on Free Trial to install a trial version or click on Buy now to purchase a license for the Space Privacy - Extranet for Confluence. You will be asked to register at MyAtlassian. Space Privacy - Extranet for Confluence will be downloaded and automatically installed.
In the Space Privacy Extranet Configuration you can define some important settings that will effect all extranet spaces you create.
Scroll down to see details of every setting.
There are two tabs containing "General Configration" and "User Roles"
Who can see and find users that are not assigned to an extranet?
You can choose wether users who are not assigned to an extranet should be visible for other users or not. By selecting "Global and Space Administrators and Extranet User Managers" only those user types have access to all users. In this case Extranet users can only see Extranet users who have access to the same extranet spaces.
By selecting "All users" they can see users who are not part of an extranet space, e.g. internal employes.
Read the Visibilities Guide for detailed information about "who can see who".
Which admin roles should be available
You can define if Extranet Space Manager and Extranet User Manager are available to assign to an extranet space.
Only the selected admin roles will be displayed in "Create Extranet Space" window and in the Extranet Space tools.
Extranet Space Managers are able to assign users and groups and also have space administration rights.
Extranet User Managers can only assign users (no groups) to an extranet space. They don't have any rights to administer the space itself.
You may define one or more groups which users created in an extranet space will be assigned to.
This is useful to see all users potentially created by extranet user managers.
The configured groups must exist in your Confluence
Synchronize users and group memberships on plugin updates or reactivation?
While the plugin is deactivated, group memberships can change or users may be deleted. These changes are synchronised on every plugin update or reactivation. This may take a long time if you have a lot of extranet spaces and group.
So if you can make sure that users and their extranet related group memberships are not changed while the plugin is deactivated you can speed up the activation by unchecking this option. If you want to run the synchronization manually, you can do this on the "Synchronize / Fix Extranet Data" page.
Synchronize / Fix Extranet Data
If you want to make sure every user and group within the extranet is up to date, you can start the activation tasks manually one by one. Also if you notice inconstencies or visibility problems, this may be fixed by running these tasks. Also these tasks fix unpermitted permission changes done by (space) adminstrators that might distort the privacy settings.
Please note that while on of these tasks is running, the extranet space configuration is blocked (p.e. adding new extranet users). Privacy and visibility checks still works as expected.
Synchronize users and groups memberships
While the plugin is deactivated, group memberships can change or users may be deleted. These changes can be synchronised with this job. This job runs by default on every plugin activation
Fix "extranet-users" group memberships
All users assigned to an extranet space are added to the group "extranet users". In case somebody changed the "extranet-users" group memberships manually, you can run this job to fix the memberships.
Fix extranet groups
The content permissions for single users are managed by predefined extranet groups (e.g. extranet-SPACEKEY-user-consumer). If these groups are deleted or changed, you can run this job to fix the extranet groups.
Fix group permissions
If you assign existing groups to an extranet space, the plugin sets content permissions for that space. In case somebody changed these permissions manually, you can run this job to fix the permissions.
Initial User Permissions
It is possible to decide which initial permissions should be available in extranet spaces for extranet users. For now it is not available to set custom roles.
Disable Initial User Roles
You can disable certain User Roles by unselecting the "Enabled" checkbox
Edit Initial User Permissions
You may add or remove certain permission given to an initial extranet role
Assign User with initial roles
Above you can see which groups are built by creating an extranet space. There is a group for each initial permissions role.
In the Space tools you can assign users with the initial roles you set up in the Admin Configuration.
Clicking the next to the permission role, shows the space permission(s) assigned to the role.
Extranet users are limited within their extranet space and can not share content outside of the space. In addition, extranet users can only interact with other extranet users (i.e. via search) if they are part of the same extranet space. Read the Visibilities Guide for detailed information about "who can see who"
Content for a user will be blocked or filtered for extranet users.
This means the user
- is assigned to at least one extranet AND
- is not a user or space manager in at least one extranet AND
- is not a Confluence administrator AND
- the visibility configuration is set to "Global and Space Administrators and Extranet User Managers"
If you want the Space Privacy plugin to support other third-party plugins, you may consider a Sponsored development or create Custom Filters by your own to support this feature. Feel free to contact us!
The following functions are taken into account by the Space Privacy for Confluence
- Full search & quick search
- User directory
- Accessing a user profile via the browser
- Sharing function
List of all currently supported macros
- Activity Stream
- Blog Post
- Content by label
- Content by user
- Contributers Summary
- Global Reports
- Live Search
- Recently Updated Dashboard
- Recently Updated
- Task Report
- User Profile
- User list
- Labels List
- Popular Labels
- Profile picture
- Recently Used Labels
- Related Labels
- Search Results
- Custom User Profiles
- Individual User List
- Individual User Search
- Team Calendars
The following functions / plugins are disabled by the Space Privacy for Confluence
- Confluence Onboarding Plugin (Welcome Action)
- Label summary
- Please note that some restriction affect all users on the system (not only extranet users)
New in 1.3: Custom URL Filters
See Custom Filters
UseCase - shared non-extranet spaces
Using a non-extranet space shared by users from different extranets (e.g. for general informations) adds a new use case to the Space Privacy Plugin.
Since version 1.2 this configuration has been considered.
For an extranet user inside a non-extranet space, it is not possible to share a page with users or groups outside his extranet. Furthermore the "User List", "Popular Labels" and "Recently Used Labels" macros do not show sensible data.
- We highly recommend to make this shared spaces read-only to extranet users
- Make sure your internal users do not add customer specific mentions or contents, as this may make them visible to other users
Workaround: Internal users should see each other in restricted mode
Let intranet users see each other
If you use your Confluence instance as Extranet and Intranet, internal users may not see each other when working in visibility configuration "Global and Space Administrators and Extranet User Managers". In order to fix this, please do as follows:
- There must be a group, where all internal users are in (but no extranet users). In most cases this is the "confluence-users" group.
- Create a "dummy" extranet space (e.g. called "Intranet")
- Add the group with internal users as extranet members (e.g. Watcher) to the created extranet
By doing this, the Space Privacy Plugin assumes the internal users relate to the same extranet and therefore are visible to each other. We have the implementation of an easier way for this use case on our roadmap. If you are interested in a Sponsored Development for this feature, please contact us.
User list message "Indexing user..." never disappears
When you add or delete users in the extranet user list, the plugin blocks the view until all users are saved in the database and updated in the confluence search index. Depending on the number of users that were added or delete, the message "Indexing Users..." may be displayed a little longer (about 5-10 Seconds per 100 users).
If the message is displayed significantly longer, it is possible that an error occurred. Usually the following steps help to resolve this issue:
- Reload the page
- Rebuild the confluence search index (Confluence Administration > Content Indexing)
- Deactivate and activate the plugin (this is no magic, we actually run some heath checks when the plugin is activated)
If none of the steps fixes the problem, please submit an issue (https://seibert.biz/pluginhelp) and add application logs to help us analysing the cause of the problem:
- Set the log level for the key net.seibertmedia.extranet to DEBUG (Confluence Administration > Logging and Profiling)
- Open the hung up user list again, to generate meaningful logs
- Copy the application logs, if your have access, or generate a Support-ZIP (Confluence Administration > Support Tools / Atlassian Documentation)
- Submit an issue here and attach the application logs: https://seibert.biz/pluginhelp
User and Group autocomplete returns "404 - Not found"
If you notice user and group autocomplete (e.g. @-mention, share page or add restriction) does not work, this might be your problem.
It may occur in
- share page
- add page restrictions
- assign new users / groups to an extranet
Please check the following
1. Check the HTTP state
- Open the developer console in your browser
- Switch to the "network" tab (page reload needed)
- Open the user or group picker
- Check for a call which returns a 404 (should be a url like this: /rest/prototype/1/search.json?...)
2. Disable the max filter module
- Open the Plugin Manager (/plugins/servlet/upm), find the Space Privacy plugin in the list and unfold it
- Open modules
- Disable the following modules
- Max Results Servlet Filter (max-results-filter)
- Max Results Servlet Filter (max-results-filter-general)
- Check the page from 1.1 again and see if the autocomplete works
3. Server problem - quick test
If these tests solves your issue, then theres a problem with your server settings. Your Confluence instance is not allowed to send HTTP requests to itself. This can have many reasons - please contact your server administrator for a solution.
You may also check this by using curl from the server your instance is running.
curl -u <username>:<password> "<baseurl>/rest/prototype/1/search/user.json?query=<existinguser>&max-results=10"
Replace <username>, <password>, <baseurl> and <existinguser> with real values.
This request should return a valid answer (a json object).
- No labels