Can I use Space Privacy in any number of Confluence instances?

A plugin license can only be used in one Confluence instance. You can, however, create as many extranet spaces as you like. To use Space Privacy in other Confluence instances, another license is needed. The required license size depends on the Confluence instance.

Why are users visible, although they should not be visible?

The most likely cause is a misconfiguration or a third-party add-on that adds custom views to Confluence which are not supported by our add-on.

Please check the following steps to figure out if your configuration causes the unwanted visibility of users:

  1. Are the affected users assigned to an extranet space? The global setting "Who can see and find users that are not assigned to an extranet space?" has the option "All users", and only extranet users are restricted when searching for and viewing other extranet users.
  2. Is it possible to see other users in the Confluence people directory (path: /browsepeople.action) and open their profiles? In this case the user has a configured permission to see the other user.
  3. Are the users assigned to the same extranet space? Users who share the same extranet spaces can collaborate and are allowed to search for each other. Please note that users can also be assigned via Confluence groups.
  4. Is the user who can see "too many" users a Confluence administrator, or do they have the admin role "Extranet Manager" or "Extranet User Manager" in one of your extranet spaces? In this case, the user must be allowed to see all other users in order to manage the extranet space. Only assign admin roles to users who are permitted to see all other users.

If none of the steps solves your problem, the cause is either an unsupported feature of a third-party plugin or a problem in the add-on. In both cases, please send a report to our plugin support:

I would like only users who work in the same extranet spaces to be able to see each other. Internal and external users cannot be differentiated by the system.



This situation often occurs in pure extranet instances.

Only global administrators, space administrators and extranet user administrators have access to all users, so that assigning them to extranet spaces is possible. Until a user is assigned, they won’t be able to see any other users in the system.

This is especially useful if adding external users is a process that’s independent of Confluence: in enterprises, employees often have to ask IT to add external users. Before one of those external users is added to an extranet space, they should not have access to other users and vice versa, which is why the previously mentioned option should be picked in the plugin configuration.





I would like to be sure that external users cannot see each other. At the same time, it should be possible for them to have access to my company's employees without the need to assign those employees to extranet spaces.



Or: external users can access all internal users and vice versa. External users don’t see each other, except when they work together in an extranet space.

For situations like these, there is a checkbox in the global administration interface of the extranet. Pick the option “all users”.

This means that users who do not have a shared extranet space are unable to see one another. However, users who are not assigned to an extranet space are seen as "internal" and are able to communicate with external groups, with no need to be assigned to an extranet space.

Warning: Please keep in mind that the corresponding “internal” users or groups need access to the spaces via permissions.





I want to run intranet and extranet in the same instance and make sure external users can only see the employees they work with. At the same time, the employees themselves should be able to continue working without any visibility restrictions.



  1. Adjust the plugin configuration so that only global administrators, space administrators and extranet user administrators can access all user data.

  2. Create a dummy extranet space.

  3. Assign to this extranet space the groups that represent the internal users, your employees (e.g. “all-employees”, “internal-user”, …). Often, these users come from the connected LDAP directory service, for example Microsoft Active Directory. Space Privacy updates the composition of groups here as well, so that users who are removed from an assigned group also lose access to the corresponding extranet space.

    As a result, all internal users still see each other and can use Confluence as usual.

  4. If you also want your employees to work with external users, add the relevant users or groups to the respective extranet spaces.

    Only users who share one (or more) extranet spaces with external users can be seen by them. This also applies to other external users (often locally managed) and internal employees of your company.
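
The visibility rules from this FAQ (shared extranet space, admin roles, and the global setting for unassigned users), written as a small Python model that reports why one user can see another. This is an added example, not Space Privacy's code. The user names, space keys and mode constants are constructed, and group memberships are assumed to be already resolved to space keys.

```python
# Added illustration: a model of the visibility rules this FAQ describes.
# It is not Space Privacy's code; users, space keys and mode names are constructed.
ALL_USERS = "all users"      # unassigned users count as "internal"
ADMINS_ONLY = "admins only"  # unassigned users see nobody

def can_see(viewer, target, spaces, admins, mode):
    """Return (visible, reason) for one viewer/target pair.

    spaces: user -> set of extranet space keys, with group assignments resolved
    admins: Confluence admins and holders of an extranet admin role
    """
    if viewer in admins:
        return True, "viewer holds an admin role"
    shared = spaces.get(viewer, set()) & spaces.get(target, set())
    if shared:
        return True, "shared extranet space: " + ", ".join(sorted(shared))
    unassigned = not spaces.get(viewer) or not spaces.get(target)
    if mode == ALL_USERS and unassigned:
        return True, "a user without extranet space is treated as internal"
    return False, "no shared extranet space"

def visible_users(viewer, spaces, admins, mode):
    """Map every other known user the viewer can see to the reason."""
    users = set(spaces) | set(admins)
    result = {}
    for target in sorted(users - {viewer}):
        ok, reason = can_see(viewer, target, spaces, admins, mode)
        if ok:
            result[target] = reason
    return result

# Constructed sample: intranet and extranet in one instance, with a dummy space.
SPACES = {
    "anna": {"DUMMY"},          # employee, assigned via an internal group
    "ben": {"DUMMY", "PROJA"},  # employee working with a customer
    "ext_carl": {"PROJA"},      # external user
    "ext_dora": {"PROJB"},      # external user of another customer
    "new_eve": set(),           # account created, not yet assigned
}
ADMINS = {"admin"}

if __name__ == "__main__":
    for mode in (ADMINS_ONLY, ALL_USERS):
        for viewer in sorted(SPACES):
            seen = visible_users(viewer, SPACES, ADMINS, mode)
            print(f"[{mode}] {viewer} sees {sorted(seen) or 'nobody'}")
            for target, reason in seen.items():
                print(f"    {target}: {reason}")
```

Comparing the output of both modes for the same viewer shows which visibility comes from a shared space and which from the global setting.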

Our backlog already contains a user story for a solution that does not require a dummy extranet space. However, the implementation is not yet planned. Please contact us if you are interested in a sponsored development.





Is it possible to add users to more than one extranet space?

Yes. You can assign users to an unlimited number of extranet spaces. This does not change the security strength of any user data.

If user 1 is assigned to extranet spaces A and B, they can view all user data of whoever else is included in those spaces.

Can I build up an extranet in my Confluence intranet with Space Privacy?

Yes. Normally you can model the use case of an extranet inside your intranet. If you want to work with outside users in extranet spaces within your instance, you may unfortunately have to rethink your individual infrastructure. You can work outside the company premises if you have the company's VPN installed. Depending on the degree of use and the requirements, we recommend setting up a well-running Confluence system for your extranet.

Am I able to set up individualized permissions for each user?

There are 5 different permission roles that you can assign to every single group or user. In our experience, these roles cover many relevant entitlement arrangements for extranets.
If the initial roles do not fit your needs, you can customize them in the global plugin administration under the tab "User roles".
Just click on "edit" for the role you want to customize and tick the checkboxes you want.

Caution: Changes in permissions apply to all available extranet spaces, including spaces that already exist.

What rights can I assign to an extranet user?

As in the previous question:
There are 5 different permission roles that you can assign to every single group or user. In our experience, these roles cover many relevant entitlement arrangements for extranets.
If the initial roles do not fit your needs, you can customize them in the global plugin administration under the tab "User roles".
Just click on "edit" for the role you want to customize and tick the checkboxes you want.

Caution: Changes in permissions apply to all available extranet spaces, including spaces that already exist.

Can an Extranet space be managed by a Confluence or Space Admin?

No, there are 3 types of extranet administration that Space Privacy grants:

• The extranet administrator can manage both the domain users and the domains themselves.

• The administrator can manage the space, but cannot add or remove users.

• The extranet user administrator can manage users in the space, but not the space itself.

Our users are not locally managed in Confluence, but rather in a central setting in an LDAP - can Space Privacy still be used? 

Yes, the plugin also reaches LDAP users as long as it was configured in Confluence Administration.

However, it is absolutely necessary for local groups to be allowed, as Space Privacy creates groups for every extranet space. Users who are assigned to the corresponding extranet space are added to these groups.

We manage content permissions through the permissions for the Confluence spaces in predefined groups. Consequently, content permissions remain unchanged even after the plugin is deactivated. In contrast to single permissions, these predefined groups make sure that the extranet user administrator doesn’t have to be the space admin as well. In Confluence, only space admins can assign new permissions. With the admin role extranet user administrator, we have created a way to give users who aren’t, or are not allowed to be, space admins administrative rights over the user administration of extranet spaces.

If a user is added to an extranet space, they won’t show up as a single person in the permissions. Instead, they are part of the group(s) that Space Privacy created for this space, e.g. extranet-SPACEKEY-consumer.

If the plugin can’t use these extranet groups, the following error occurs:

This also applies if the user administration isn’t done in Confluence, but in JIRA (or others) instead. You will find the option to allow local groups here as well.

If you have any questions about this, don’t hesitate to ask us. We would love to help you!

Using JIRA servers or Atlassian Crowd as a user directory

There’s no option “Read Only, with Local Groups” for JIRA servers or Atlassian Crowd. In this case, the configuration consists of 2 steps. First, the option “Read/Write” has to be set for the user directory (JIRA server or Atlassian Crowd). Second, the option “Read Only, with Local Groups” has to be configured in the connected user directory.

Which version of Confluence is Space Privacy compatible with?

Confluence Server 5.9.1 - 6.2

How do I submit an issue?

Before you submit an issue with the space, please try to solve the issue with the following steps:

  1. Reload the page
  2. Deactivate and activate the plugin (this is no magic, we actually run some health checks when the plugin is activated)
  3. Only if you see the message "Indexing User...": Rebuild the Confluence search index (Confluence Administration > Content Indexing)

If none of the steps fixes the problem, please submit an issue and add application logs to help us analyse the cause of the problem:

  1. Set the log level for the key net.seibertmedia.extranet to DEBUG. Use the logging administration (Confluence Administration > Logging and Profiling) to add net.seibertmedia.extranet as a new logging key.
  2. Repeat the steps that caused the error to generate meaningful logs
  3. Copy the application logs, if you have access, or generate a Support-ZIP (Confluence Administration > Support Tools / Atlassian Documentation)
  4. Submit an issue here and attach the application logs: 