How are Confluence user permissions applied in SharePoint?
As a rule of thumb, only users who have direct access to information in Confluence will have access to it when the information is embedded in SharePoint.
Technical Details
For authorization within the app, the user directories of SharePoint and Confluence (e.g., Active Directory or LDAP) are not used directly. That means user names, user SID, etc., don’t matter. Instead, authorization is handled via cookies, which are created during the Confluence login and stored in the browser session.
How user permissions affect the SharePoint web part
The SharePoint Connector enables embedding publicly accessible Confluence pages or blog posts into SharePoint. Therefore, you don't have to be logged into Confluence with the same browser to access these pages.
The user is not logged in to Confluence
Anonymous access is enabled in Confluence
In this case, you'll only see publicly accessible Confluence content. If accessing such a page, a hint will be displayed within the SharePoint web part:
Image 1: User not logged into Confluence, content publicly accessible (click to enlarge)
If the web part is configured to display non-public content, then the following message will be displayed:
Image 2: User not logged into Confluence, content not publicly accessible (click to enlarge)
Anonymous access is not enabled in Confluence
If a user is logged in to SharePoint but not to Confluence, they won’t see any Confluence content. Instead, the following message will be displayed:
Image 3: User not logged into Confluence, anonymous access not enabled (click to enlarge)
The user is logged in to Confluence and SharePoint
If a user is logged in to both Confluence and SharePoint, the Confluence web part in SharePoint will only display pages, blogs, and blog posts that the logged-in Confluence user is permitted to see in Confluence itself.
The user logged in without permission
If the SharePoint web part is configured to show, for example, a Confluence page that the logged-in Confluence user isn’t allowed to see, the following hint will be displayed:
Image 4: Logged in Confluence User can only see authorized Confluence content (click to enlarge)
Related Articles
How are SharePoint user permissions applied in Confluence DC?