How are Confluence Cloud user permissions applied in SharePoint Online?
As a rule of thumb, only users who have direct access to information in Confluence Cloud will have access to it when the information is embedded in SharePoint Online.
Technical Details
The Confluence Cloud page body is embedded in SharePoint Online via an HTML iframe. That means the authorization is handled directly by Confluence Cloud and there isn’t executed any dedicated authorization functionality by the app. That’s why the iframe itself only displays content the user is allowed to see.
Therefore the user has to be logged in to both systems (Confluence and SharePoint) in the same browser window while using the app.
How user permissions affect the SharePoint web part
User is not logged in to Confluence
If a user is logged in to SharePoint but not to Confluence s/he won’t see any Confluence content. Depending on the browser, a message like the following will be displayed:
Image 1: User not logged in to Confluence Cloud cannot see any Confluence content
User is logged in to Confluence and SharePoint
If a user is logged in to both Confluence and SharePoint, then the Confluence Page web part in SharePoint will only display Confluence content the logged in Confluence user is permitted to see in Confluence itself.
User is logged in without permission
If the SharePoint web part is configured to show a Confluence page that the logged in Confluence user isn’t allowed to see, the following hint will be displayed:
Image 2: Logged in Confluence user can only see Confluence content s/he is authorized for
Related Articles
SharePoint: Embed Confluence Cloud page