How are Confluence Cloud user permissions applied in SharePoint Online?
As a rule of thumb, only users who have direct access to information in Confluence Cloud will have access to it when the information is embedded in SharePoint Online.
Technical Details
The Confluence Cloud page body is embedded in SharePoint Online via an HTML iframe. That means the authorization is handled directly by Confluence Cloud, and no dedicated authorization functionality is executed by the app. That’s why the iframe itself only displays content the user is allowed to see.
Therefore, the user must be logged in to both systems (Confluence and SharePoint) in the same browser window when using the app.
How user permissions affect the SharePoint web part
The user is not logged in to Confluence
If a user is logged in to SharePoint but not to Confluence s/he won’t see any Confluence content. Depending on the browser, a message like the following will be displayed:
Image 1: User not logged in to Confluence Cloud cannot see any Confluence content
The user is logged in to Confluence and SharePoint
If a user is logged in to both Confluence and SharePoint, the Confluence Page web part in SharePoint will only display Confluence content that the logged-in Confluence user can see in Confluence itself.
The user is logged in without permission
If the SharePoint web part is configured to show a Confluence page that the logged-in Confluence user isn’t allowed to see, the following hint will be displayed:
Image 2: Logged-in Confluence user can only see Confluence content s/he is authorized for
Related Articles
SharePoint: Embed Confluence Cloud page