Skip to end of banner
Go to start of banner

How SharePoint user permissions are applied in Confluence Server/DC?

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

As a rule of thumb, only users who have direct access to information in SharePoint will have access to it when the information is embedded in Confluence.

Technical Details

For authorization within the app the user directories of SharePoint and Confluence (for example Active Directory, LDAP) are not directly used. Especially user names, user SID etc. don’t matter. Instead, authorization takes place via so-called access tokens which are stored in the browser session.

For authentication against SharePoint of course the SharePoint user directory is used. Following the complete process of authentication and authorization is described (in a bit simplified way):

  1. When the user logs in to SharePoint a user token is created for this user.

  2. The user token (together with some additionally required information) is then used to request an access token from SharePoint. Thus the access token is issued for this specific user.

  3. The access token is then used for every request of data from SharePoint. That means that the respose only contains SharePoint data granted to this specific user.

Impact to the Confluence Macros

Therefore, the user has to be logged in both systems (Confluence and SharePoint) in one browser window while using the app.

If a user is logged in to Confluence but not to SharePoint he won’t see any SharePoint content. Instead a message like the following will be displayed:

Image 1: User not logged in to SharePoint cannot see any SharePoint content

If a user is logged in to Confluence and SharePoint as well then in a SharePoint List or SharePoint Document macro in Confluence there will be displayed all lists respectively documents the logged in SharePoint user is permitted to see in SharePoint itself.

If a SharePoint List macro is configured to show a list that the the logged in SharePoint user isn’t allowed to see the following hint will be displayed:

Image 2: Logged in SharePoint User can only see authorized SharePoint lists

Likewise for the SharePoint Document macro:

Image 3: Logged in SharePoint User can only see authorized SharePoint documents

  • No labels