Skip to end of metadata
Go to start of metadata

(info) For permissions upon creating a space, also see New Spaces have Restrictive Permissions upon Creation.

You can define permissions for your spaces. Also, you can restrict permissions to pages and their subpages.

You can either assign rights to individual users or to groups.

The groups are based on the database of Confluence internal groups and Jacobs University's LDAP server.

Only these user groups are actively maintained at Jacobs University:

  • confluence-users (minus)
  • GS-JACOBS-Members-FLAT (plus)
  • GS-CAMPUSNET-ACTORTYPE-X, where X is an address type as managed in CampusNet
  • GS-CAMPUSNET-COURSE-NNNNNN, where NNNNNN is a course number from the course catalog

confluence-users

This group is an internal group to Confluence. It holds user accounts not managed in AD. Specifically, these are users who have signed up themselves to Jacobs University's system. They are put into this group by default of the Confluence software. These users are usually external to Jacobs University. Hence, do not assign any permission to this group without prior extensive pondering. It is rather to be expected, that you assign permissions for specific spaces created by you for co-operation with external individual users you know.

As confluence-users is never what you really want, all permissions assigned to confluence-users group on a space level are automatically removed once a month. If the group GS-JACOBS-Members-FLAT has not had any permissions assigned to the same space, GS-JACOBS-Members-FLAT is added to the space and gets the permissions previously assigned to confluence-users.

teamwork allows to invite external users.

GS-JACOBS-Members-FLAT

This group is managed in Jacobs University's central identity management system and holds all members of Jacobs University as managed by CampusNet. This should be the default target group for your information within this site. By default you should assign reasonable permissions to this group.

Use GS-JACOBS-Members-FLAT as standard group to assign permissions, not confluence-users.

Mind the capitalization of letters! See Group names for permissions are case sensitive for more information.

There are more groups representing organizational groups:

  • GS-JACOBS-Admin-FLAT
  • GS-JACOBS-Employees-FLAT
  • GS-JACOBS-Faculty-FLAT
  • GS-JACOBS-Members-FLAT
  • GS-JACOBS-Staff-FLAT (actor type "Technician", i.e. non-admin, non-faculty employees)
  • GS-JACOBS-Students-FLAT
  • GS-JACOBS-Guests-FLAT

(lightbulb) Please note, that the membership in this groups is determined by CampusNet data, hence maintained by the CampusNet team!

GS-JACOBS-Employees-FLAT

This group collects all employees of Jacobs University

GS-CAMPUSNET-ACTORTYPE-X

These are groups based on CampusNet actor type information. X is the actor type as managed by CampusNet, with all spacces and slahes substituted by dashes. Each group holds Jacobs University members' ids having that actor type. One Jacobs University member can have several actor types, hence be in several of those groups.

Groups available are:

  • GS-CAMPUSNET-ACTORTYPE-Adjunct-Professor
  • GS-CAMPUSNET-ACTORTYPE-Alumni
  • GS-CAMPUSNET-ACTORTYPE-Assistant
  • GS-CAMPUSNET-ACTORTYPE-Director
  • GS-CAMPUSNET-ACTORTYPE-Exchange-Student
  • GS-CAMPUSNET-ACTORTYPE-Further-Lecturer
  • GS-CAMPUSNET-ACTORTYPE-Gueststudent
  • GS-CAMPUSNET-ACTORTYPE-Habilitant
  • GS-CAMPUSNET-ACTORTYPE-Lecturer
  • GS-CAMPUSNET-ACTORTYPE-Mitarbeiter-sonstige
  • GS-CAMPUSNET-ACTORTYPE-Praktikant
  • GS-CAMPUSNET-ACTORTYPE-President-Vice-President
  • GS-CAMPUSNET-ACTORTYPE-Professor
  • GS-CAMPUSNET-ACTORTYPE-Research-Assistant
  • GS-CAMPUSNET-ACTORTYPE-Research-Associate
  • GS-CAMPUSNET-ACTORTYPE-Scientific-Fellow
  • GS-CAMPUSNET-ACTORTYPE-Student
  • GS-CAMPUSNET-ACTORTYPE-Technician
  • GS-CAMPUSNET-ACTORTYPE-Teaching-Assistant
  • GS-CAMPUSNET-ACTORTYPE-University-Lecturer
  • GS-CAMPUSNET-ACTORTYPE-Visiting-Professor
  • GS-CAMPUSNET-ACTORTYPE-Visiting-Student
  • GS-CAMPUSNET-ACTORTYPE-external-Instructor
  • GS-CAMPUSNET-ACTORTYPE-external-Student
  • GS-CAMPUSNET-ACTORTYPE-sonstige-Faculty

The groups are recalculated several times a day, based on AD information, which is based on CampusNet information, which is based on the personnel database for employees, the registrar's information for undergraduate students, and the SES/SHSS/JCLL dean's offices for the graduate students.

Account information is available via Simple Directory Search (from campus network only).

GS-CAMPUSNET-COURSE-NNNNNN

NNNNNN is a six digit number denoting a course from the course catalog.

The group names GS-CAMPUSNET-COURSE-NNNNNN are the names of groups containing all currently subscribed members of (all "Kleingruppen" of) the particular course with number NNNNNN.

The groups are recalculated several times a day, based on information exported from the CampusNet database. This is to reflect the dynamic membership status esp. during the add/drop phase.

Groups representing a course which is no longer part of the course catalog will be set to contain no members, but the group will remain in the directory to not break configuration and display of existing spaces.

Other groups

In the search dialogue other groups might show up. Ignore them! They are not maintained, used for testing and development, and their content is undefined.

Do not assign group permissions to other groups than listed above. Capitalization of the group name is important.

Additional groups

The groups described here are automatically filled by import of CampusNet data.

(thumbs down) It is currently not possible to define or manage additional groups.

13 Comments

  1. Wow - great that also CampusNet groups are working for permissions in teamwork now. (thumbs up) Great job!

    Ulrike

  2. can we create our own groups as well for assigning permission to selective multiple users in subpages within our spaces?

    Ankur

    1. Unfortunately, not. The groups are automagically created from data of CampusNet.

      Though, this is foreseen to be implemented in the future, don't expect it too soon.

  3. Also a small question since i have to make some pages for a specific IUB admin department, can we assign user based permission to individual pages or to a page and all its childrens, like we can for the spaces..?

    That would essentially be very helpful to make sure that only certain people have access to certain pages while rest dont and yet there are pages viewable to all, all to be done without using groups ( as the are pre-made).

    Thanks in advance

    Ankur

    1. You can further limit permissions on the page level, but only in a very simplistic way (this is a feature!)

      See http://confluence.atlassian.com/display/CONF20/Page+Level+Permissioning for the vendor's documentation, though I recommend not to use page-level permissions, as it makes handling permissions more complex and error-prone.

      The right way to go seems to create a new space (there is no limit on the number of spaces!), add the people to the space (thus, creating an implicit "group"), and put your confidential information there. Only people allowed to the space would see it, so the list of spaces on the dashboard would not be "polluted" for the rest of the user base.

  4. How does one view/edit the current members of SPACEKEY-users?

    1. I just installed a plugin to manage "Space Groups" and "Space Users". Click on 'Bowse Space' and then on 'Manage Users/Groups'. Please read http://confluence.atlassian.com/display/CONFEXT/Custom+Space+User+Management+Plugin for more information.

  5. Hello Torge, I am trying to create a 'group' for many students assistants working for campus life. But it seems that I have to know the exact user names when creating a custom group - is there no LDAP auto-fill way to do this like there is when adding users to 'permissions' page of space admin???? 

    I have no idea what some user names are since they are sometimes shorter/different from email addresses....

     

    1. True, no autocomplete while managing group members.

      You can use the Simple People Search Web Interface to find out accounts, or use the global address book in Outlook/OWA.

  6. Hi Torge, I used to be able to edit and make groups for some of my teamwork spaces... I cannot figure out how to do this any more. Is this not possible? Much easier than having to maintain lots individual permissions for various spaces

    1. Hi René, AFAIK the group management functionality of Confluence has been moved to a plugin, and that plugin is now only available for €€€, which we won't pay. (sad)

  7. Schade but understandable. Danke