Important information regarding the use of Space Privacy - Extranet for Confluence
- Space Privacy requires certain user directory permissions. See User Directory Configuration
- Groups that are created with the Space Privacy - Extranet for Confluence Plugin should not be deleted.
- Users have to be indicated once, if you want to assign them to an Extranet Space
- Not all macros are supported by the Space Privacy Plugin -> See Limited Visibilities
Some function are disabled by Space Privacy Plugin -> List of disabled functions
Compatibility with Confluence
Installation & Licensing
The Space Privacy - Extranet for Confluence is a type 2 add-on, please note Atlassian's installation information:
- Sign on to your Confluence as admin
- Open the admin menu and select Atlassian Marketplace. The page "Search new add-ons" will load
- Search for Space Privacy - Extranet for Confluence in the Marketplace. The matching version of the add-on will be displayed in results.
- Click on Free Trial to install a trial version or click on Buy now to purchase a license for the Space Privacy - Extranet for Confluence. You will be asked to register at MyAtlassian. Space Privacy - Extranet for Confluence will be downloaded and automatically installed.
In the Space Privacy Extranet Configuration you can define some important settings that will effect all extranet spaces you create.
Scroll down to see details of every setting.
There are two tabs containing "General Configuration", "User Roles", "URL Filter" and "Extranet spaces".
Who can see and find users that are not assigned to an extranet?
You can choose wether users who are not assigned to an extranet should be visible for other users or not. By selecting "Global and Space Administrators and Extranet User Managers" only those user types have access to all users. In this case Extranet users can only see Extranet users who have access to the same extranet spaces.
By selecting "All users" they can see users who are not part of an extranet space, e.g. internal employes.
Read the Visibilities Guide for detailed information about "who can see who".
Use extranet permission groups
Extranet permission groups represent members of a certain extranet role (e.g. 'Watcher'). By enabling this feature, you are able to use the extranet permission groups within Confluence actions (e.g. 'Share page').
Please note, that only users that are directly assigned to an extranet will be meber of the extranet permission group. User assigned via a Confluence group will not be considered.
In an Extranet you might want to define internal users (e.g. employees of your company), which should see each without considering any Extranet Space visibility. This can be done by defining Confluence groups here (you don't need any dummy Extranet Space).
The configured groups must exist in your Confluence
External Extranet User Managers
External users should be able to administrate their own extranet spaces without having access to all users throughout the system. Only extranet user managers and extranet space managers, who are also members of an "internal group" still have access to all users.
Create new users with additional groups
Enable if new users can be created within an Extranet Space. Use this Feature if you want Extranet User Manager be able to create users, without giving them administration permissions
You may define one or more groups which users created in an extranet space will be assigned to.
This is useful to see all users potentially created by extranet user managers.
The configured groups must exist in your Confluence
Which admin roles should be available
You can define if Extranet Space Manager and Extranet User Manager are available to assign to an extranet space.
Only the selected admin roles will be displayed in "Create Extranet Space" window and in the Extranet Space tools.
Extranet Space Managers are able to assign users and groups and also have space administration rights.
Extranet User Managers can only assign users (no groups) to an extranet space. They don't have any rights to administer the space itself.
Synchronize users and group memberships on plugin updates or reactivation?
While the plugin is deactivated, group memberships can change or users may be deleted. These changes are synchronised on every plugin update or reactivation. This may take a long time if you have a lot of extranet spaces and group.
So if you can make sure that users and their extranet related group memberships are not changed while the plugin is deactivated you can speed up the activation by unchecking this option. If you want to run the synchronization manually, you can do this on the "Synchronize / Fix Extranet Data" page.
Synchronize / Fix Extranet Data
If you want to make sure every user and group within the extranet is up to date, you can start the activation tasks manually one by one. Also if you notice inconstencies or visibility problems, this may be fixed by running these tasks. Also these tasks fix unpermitted permission changes done by (space) adminstrators that might distort the privacy settings.
Please note that while on of these tasks is running, the extranet space configuration is blocked (p.e. adding new extranet users). Privacy and visibility checks still works as expected.
Synchronize users and groups memberships
While the plugin is deactivated, group memberships can change or users may be deleted. These changes can be synchronised with this job. This job runs by default on every plugin activation
Fix "extranet-users" group memberships
All users assigned to an extranet space are added to the group "extranet users". In case somebody changed the "extranet-users" group memberships manually, you can run this job to fix the memberships.
Fix extranet groups
The content permissions for single users are managed by predefined extranet groups (e.g. extranet-SPACEKEY-user-consumer). If these groups are deleted or changed, you can run this job to fix the extranet groups.
Fix group permissions
If you assign existing groups to an extranet space, the plugin sets content permissions for that space. In case somebody changed these permissions manually, you can run this job to fix the permissions.
Check user directories
Initial User Permissions
It is possible to decide which initial permissions should be available in extranet spaces for extranet users. For now it is not available to set custom roles.
Disable Initial User Roles
You can disable certain User Roles by unselecting the "Enabled" checkbox
Edit Initial User Roles
You may change the name of the initial user roles.
Instead of the actual name you can also use an language key to translate the role names (e.g. the 'Watcher' name can be also set as 'extranet.user.role.consumer')
The names of the refering extranet permission groups will not change due to technical reasons
You may add or remove certain permission given to an initial extranet role
Assign User with initial roles
Above you can see which groups are built by creating an extranet space. There is a group for each initial permissions role.
In the Space tools you can assign users with the initial roles you set up in the Admin Configuration.
Clicking the next to the permission role, shows the space permission(s) assigned to the role.
When deleting Extranet users, the linked Confluence user remains, but is set inactive.
Extranet users are limited within their extranet space and can not share content outside of the space. In addition, extranet users can only interact with other extranet users (i.e. via search) if they are part of the same extranet space. Read the Visibilities Guide for detailed information about "who can see who"
Content for a user will be blocked or filtered for extranet users.
This means the user
- is assigned to at least one extranet AND
- is not a user or space manager in at least one extranet AND
- is not a Confluence administrator AND
- the visibility configuration is set to "Global and Space Administrators and Extranet User Managers"
If you want the Space Privacy plugin to support other third-party plugins, you may consider a Sponsored development or create Custom Filters by your own to support this feature. Feel free to contact us!
The following functions are taken into account by the Space Privacy for Confluence
- Full search & quick search
- User directory
- Accessing a user profile via the browser
- Sharing function
List of all currently supported macros
- Activity Stream
- Blog Post
- Content by label
- Content by user
- Contributers Summary
- Global Reports
- Live Search
- Recently Updated Dashboard
- Recently Updated
- Task Report
- User Profile
- User list
- Labels List
- Popular Labels
- Profile picture
- Recently Used Labels
- Related Labels
- Search Results
- Custom User Profiles
- Individual User List
- Individual User Search
- Team Calendars
The following functions / plugins are disabled by the Space Privacy for Confluence
- Confluence Onboarding Plugin (Welcome Action)
- Label summary
- Please note that some restriction affect all users on the system (not only extranet users)
Custom URL Filters
See Custom Filters
New in 2.1: Initial Admin Roles
By configuring initial admin roles (Extranet Space Managers and Extranet User Managers), you give a preselection for admin roles when creating a new extranet space or when converting a normal space to an extranet space.
This is only a preselection! The configured managers can be unselected by the creator of the extranet.
UseCase - shared non-extranet spaces
Using a non-extranet space shared by users from different extranets (e.g. for general informations) adds a new use case to the Space Privacy Plugin.
Since version 1.2 this configuration has been considered.
For an extranet user inside a non-extranet space, it is not possible to share a page with users or groups outside his extranet. Furthermore the "User List", "Popular Labels" and "Recently Used Labels" macros do not show sensible data.
- We highly recommend to make this shared spaces read-only to extranet users
- Make sure your internal users do not add customer specific mentions or contents, as this may make them visible to other users
Internal users should see each other in restricted mode
Let intranet users see each other
This can be done by configuring 'internal groups'
User list message "Indexing user..." never disappears
When you add or delete users in the extranet user list, the plugin blocks the view until all users are saved in the database and updated in the confluence search index. Depending on the number of users that were added or delete, the message "Indexing Users..." may be displayed a little longer (about 5-10 Seconds per 100 users).
If the message is displayed significantly longer, it is possible that an error occurred. Usually the following steps help to resolve this issue:
- Reload the page
- Rebuild the confluence search index (Confluence Administration > Content Indexing)
- Deactivate and activate the plugin (this is no magic, we actually run some heath checks when the plugin is activated)
If none of the steps fixes the problem, please submit an issue (https://seibert.biz/pluginhelp) and add application logs to help us analysing the cause of the problem:
- Set the log level for the key net.seibertmedia.extranet to DEBUG (Confluence Administration > Logging and Profiling)
- Open the hung up user list again, to generate meaningful logs
- Copy the application logs, if your have access, or generate a Support-ZIP (Confluence Administration > Support Tools / Atlassian Documentation)
- Submit an issue here and attach the application logs: https://seibert.biz/pluginhelp
Dark Features are not part of our official support and represent beta features without any guarantee to work proplery on all systems.
To enable a dark feature simply call '<BASE-URL>/rest/extranet/latest/darkfeature/enable/<FEATURE-KEY>' in a browser.
To disable it '<BASE-URL>/rest/extranet/latest/darkfeature/disable/<FEATURE-KEY>'.
Max Result Filter
Feature Key: MaxResultFilter
As Confluence does not provide functions to restrict users, the mentions autocomplete does not get filter in any way and limits the search results to 10 by default. With Space Privacy it may happen, that the first 10 search results are hidden users and the result is therefore empty. By enabling this feature, the serach results are extended to 50. We faced some problems on some infrastructures, which lead in problems with mentions and user assignment. See User and Group autocomplete returns "404-Notfound"
- No labels