Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
absoluteUrltrue
excludeSee also
typeflat
separatorpipe

Overview

These examples summarise the macros you can use to change page restrictions.

These macros are used as part of a workflow trigger to set the content permission for the specified users and change the capability of these listed users.

The Confluence user(s) or a user who is a member of a Confluence group listed in the macro will have the type of permission (view, or edit) specified  specified in the macro.

Other users who are not listed in the macro will have their permission for the content restricted.

...

In this example, when the workflow transitions to the Review state, we use the {add-restriction } macro to restrict editing to the document creator and members of the reviewers group:

Code Block
languagetextthemeRDark
{workflow:name=Edit restrictions}
   {state:Editing|submit=Review}
   {state}
   {state:Review}
   {state}
   {trigger:statechanged|state=Review}
      {add-restriction:type=edit|user=@creator@|group=reviewers}
   {trigger}
{workflow}

Action

Type

user / group

Result

add-restriction

​view

@creator@

  • only creator can see the content

  • no other users will be able to access the content

add-restriction

edit

reviewers

  • only users who are members of the Confluence reviewers group will be able to edit the page

  • all other users will have view permission (unless separately restricted)

Remove a restriction

In this example, we use the {remove-restriction } macro to remove the page restrictions if the content review is approved.

Code Block
theme
languagetextRDark
{workflow:name=Edit restrictions}
   {state:Editing|submit=Review}
   {state}
   {state:Review|approved=Published|rejected=Editing}
      {approval:Review}
   {state}
   {state:Published}
   {state}
   {trigger:statechanged|state=Review}
      {add-restriction:type=edit|user=@creator@|group=reviewers}
   {trigger}
   {trigger:pageapproved|approval=Review}
      {remove-restriction:type=edit|user=@creator@|group=reviewers}
   {trigger}
{workflow}

...

If you want to remove all added permissions of a specific type simply do not include users or groups in the {remove-restriction macro

For example, when the following two macros are used together in a trigger, one will remove all added edit permission restrictions, the other will remove all added view permission restrictions.

Code Block
{remove-restriction:type=edit}
{remove-restriction:type=view}

You must include a separate macro for each type of permission.

The macro will not remove any page-level restrictions or other permissions that have been previously added.

Remove then Add restrictions → Set restrictions

...

To avoid this possible issue, it's sometimes safer to use the {set-restrictions } macro when you need to remove, then add, restrictions of the same type.

In the example below

  • when the state changes to Review, only the content creator (Matilde Sipes in the example) and users who are members of the Confluence user group reviewers are able to edit the content

    Image RemovedImage Added

  • when the review is approved, using set-restrictions in a trigger on the pageapproved event we clear all existing edit restrictions and then only allow users who are members of the Confluence user group maintenance to edit the published content

    Image RemovedImage Added

Code Block
languagetextthemeRDark
{workflow:name=Edit restrictions}
   {state:Editing|submit=Review}
   {state}
   {state:Review|approved=Published|rejected=Editing}
      {approval:Review}
   {state}
   {state:Published}
   {state}
   {trigger:statechanged|state=Review}
      {add-restriction:type=edit|user=@creator@|group=reviewers}
   {trigger}
   {trigger:pageapproved|approval=Review}
      {set-restrictions:type=edit|group=maintenance}
   {trigger}
{workflow}

The action of the 

...

set-restrictions

...

macro initially removes all previously added restrictions on the content and then adds the permission for the maintenance group of users.

Be aware that

  • a user with administrator permission will still be able to edit the content

  • an admin user and anyone who has been given edit permission using the macros will be able to change the page-level restrictions

  • a user who is not listed in the restrictions macro as having edit permission will be able to view the page-level content permissions. They will however not see the workflow state breadcrumbs on the page

One problem with our example is that any transition back to the editing state will retain the permission restrictions.

...

Info

When using the add-restriction or set-restrictions the specified Confluence permission will be added to the users listed. If there are other users who have Confluence permissions for the content but are not listed in the macro, these users will have their permissions restricted.

Blocking changes to content

In this example, edits to the content are "blocked" in the final state. Effectively forbidding Effectively forbidding all changes in the content except by members of the confluence-administrators group.

Code Block
{workflow:name=Restrictions example}
    {state:Draft|approved=Published}
        {approval:Review}
    {state}
    {state:Published}
    {state}
    {trigger:pageapproved|approval=Review}
        {set-restrictions:type=view|group=confluence-users}
        {set-restrictions:type=edit|group=confluence-administrators}
    {trigger}
{workflow}