How are Confluence user permissions applied in SharePoint?

Owned by Dorrit Riemenschneider
Last updated: Oct 18, 2023 by Frank Schreiber
2 min read

As a rule of thumb, only users who have direct access to information in Confluence will have access to it when the information is embedded in SharePoint.

Technical Details

For authorization within the app the user directories of SharePoint and Confluence (for example Active Directory, LDAP) are not directly used. That means user names, user SID etc. don’t matter. Instead, authorization takes place via cookies which are created at Confluence login and stored in the browser session.

How user permissions affect the SharePoint web part

SharePoint Connector makes it possible to embed also public accessible Confluence pages or blog posts into SharePoint. Therefore you don't have to be logged into Confluence with the same browser to access these pages.

User not logged in to Confluence

Anonymous access enabled in Confluence

In this case you'll only see public accessible Confluence content. If accessing such a page a hint will be displayed within the SharePoint web part:

Image 1: User not logged into to Confluence, content public accessible (click to enlarge)

If the web part is configured to display non-public content then the following message will be displayed:

Image 2: User not logged into to Confluence, content not public accessible (click to enlarge)

 

Anonymous access not enabled in Confluence

If a user is logged in to SharePoint but not to Confluence he won’t see any Confluence content. Instead the following message will be displayed:

Image 3: User not logged into to Confluence, anonymous access not enabled (click to enlarge)

User logged in to Confluence and SharePoint

If a user is logged in to both Confluence and SharePoint, then the Confluence web part in SharePoint will only display pages, blogs and blog posts the logged in Confluence user is permitted to see in Confluence itself.

User logged in without permission

If the SharePoint web part is configured to show for example a Confluence page that the the logged in Confluence user isn’t allowed to see, the following hint will be displayed:

Image 4: Logged in Confluence User can only see authorized Confluence content (click to enlarge)

https://communardo.atlassian.net/wiki/spaces/KB/pages/2149915565

High Level Architecture