Which features are secured by Space Privacy?
Our app aims to secure every standard Confluence UI component that is not added by third-party apps. Some third-party apps are supported, if they use standard interfaces (e.g. for user search). Please let us know about problems you find with third-party apps, so that we can evaluate possible solutions. (https://seibert.biz/apphelp)
Space Privacy not only secures content via Confluence permissions. It also makes sure that only users who have at least one extranet space in common, can see each other in the system. For content permissions, the app uses Confluence space permissions. You don’t have to assign your custom permissions in extranet spaces: this would be counterproductive because it avoid the extranet user administration entirely.
The restricted visibility of users between extranet spaces is only possible through our app. Thus, when you deactivate the app all users will be visible to each other. Assigned content permissions remain as they were set.
Our security concept:
- Visibility of extranet users is bidirectional except for administrative roles (confluence administrator, extranet administrator, extranet user administrator). If user Alice can see user Bob, user Bob can see user Alice. The administrator Charlie can see Alice and Bob, even though they might not share an extranet space.
- Visibilities are different for global features (user profile, search, people directory) and space features (@-mentions, share page).
- In global features (user profile, search, people directory) a extranet user can see every user, with whom he shares an extranet space. Alice is assigned to the extranet spaces A and C, Bob to B and C. That’s why they can find each other using search, or view each other’s profiles.
- For space features (@-mentions, share page) a user can only interact with extranet users that are also assigned to the current extranet space. Alice is assigned to extranet spaces A and C, Bob to B and C. They can both mention and notify each other in the extranet space C via @-mentions and share pages, but not in the extranet spaces A and B.