Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
Teams
, (opens new window)
Macro Security for Confluence
Results will update as you type.
  • Release notes
  • Release Documentation
    • 4.x
    • 3.x
      • Administrator's Guide
        • Understanding How Macro Security Works
        • Installing the Add-on
        • Macro Security Managed Macros
        • Configuring and Enabling Macro Security
        • Example Configurations
        • Using the Trusted Spaces Approach
        • Using Macro Security with the Live Template Macro
        • Using the Macro Security Macro to Control User Macros
        • Implementing Macro Security Support in Add-ons
        • Disabling and Uninstalling Macro Security
        • Downloads
        • How to get problem determination information
      • User's Guide
    You‘re viewing this with anonymous access, so some content might be blocked.
    /
    Using the Trusted Spaces Approach

    Using the Trusted Spaces Approach

    Dec 03, 2015

    Summary

    For add-ons that have this option (see Supporting Add-ons table shown on the right), administrators can establish some spaces as being secure places for restricted macro capabilities. This allows administrators to use space permissions, rather than "edit" page restrictions, to control who can create or edit content that uses a restricted macro.

    Use Case

    An administrator has a space that already has space-level permissions governing who can create content in the space, limiting it to certain trusted users. The administrator would like to allow restricted macros to be used on pages in that space without needing to use "edit" page restrictions.

    Syntax

    The following syntax in the Macro Security add-on's configuration properties file will allow content within a space to be authorized without requiring a page restriction: space:SPACEKEY 

    This syntax can be used instead of or in addition to specifying trusted users and/or groups in the list of authorized entries. In addition, it can be used on Use Restrictions as well as the Parameter Restrictions in the configuration properties file. (Refer to the Understanding How Macro Security Works page for more information about Use Restrictions and Parameter Restrictions.)

    sql = confluence-administrators, executive-management, space:BIZDATA, space:FINANCE
sql.datasource.bizData = space:BIZDATA

    The meaning of the above configuration is as follows:

    1. Line 1
      1. Pages that have an "edit" page restriction to confluence-administrators or executive-management will be allowed to create or edit content using the SQL macro, and
      2. Any pages in spaces with keys BIZDATA or FINANCE will be allowed to use the SQL macro (with or without any specific "edit" page restrictions).
    2. Line 2
      1. Only pages in space BIZDATA can use the bizData datasource with the SQL macro. Other datasources can be used by authorized users in the BIZDATA space or other spaces.

    Controlling access through space permissions

    When configuring space-level permissions in spaces for which Trusted Spaces macro security has been configured, Confluence Administrators and Space Administrators must ensure that:

    • Only users who are trusted to use that macro capability are allowed to edit content.
    • Non-trusted users are not allowed to edit content.

    If this criteria cannot be met or the space permissions need to be less strict, then do not use space-based macro security!

    Examples

    Assume that Macro Security has been configured to say that only content in the Demonstration space (spaceKey = DEMO) is trusted to use the SQL macro.

    If page resides in a space with this spaceKey...The rendering of the Panel macro will be...The rendering of the SQL macro will be...Notes
    • DEMO
    		successfulsuccessful

    The SQL macro is rendered successfully because the spaceKey of the space in which the page resides is a "trusted" one per the properties file.

    Note, however, that Macro Security will not validate the space permissions or the "edit" page restrictions in any way.

    • HELP
    		successful

    unsuccessful

    Error:
    "Error rendering macro 'sql': Security restricted macro is not allowed. An edit restriction is required that matches the macro authorization list."

    		The SQL macro is rendered unsuccessfully because the spaceKey doesn't match a "trusted" spaceKey in the properties file.

    Supporting Add-ons

    Use of the Trusted Spaces apprach requires specific enablement.

    • (tick) = available in a released version

     

     

     

     

     

     

     

     

     

     

    , multiple selections available,

    Need support? Create a request with our support team.

    Copyright © 2005 - 2025 Appfire | All rights reserved.

    {"serverDuration": 13, "requestCorrelationId": "c15c03d17a12455683b6c0408f232bde"}