These examples summarise the macros you can use to change page restrictions.
These macros are used as part of a workflow trigger to set the content permission for the specified users and change the capability of these listed users.
The Confluence user(s) or a user who is a member of a Confluence group listed in the macro will have the type of permission (view
, or edit
)
specified in the macro.
Other users who are not listed in the macro will have their permission for the content restricted.
In this example, when the workflow transitions to the Review state, we use the {add-restriction}
macro to restrict editing to the document creator and members of the reviewers group:
{workflow:name=Edit restrictions} {state:Editing|submit=Review} {state} {state:Review} {state} {trigger:statechanged|state=Review} {add-restriction:type=edit|user=@creator@|group=reviewers} {trigger} {workflow} |
In this example, we use the {remove-restriction}
macro to remove the restrictions if the content review is approved.
{workflow:name=Edit restrictions} {state:Editing|submit=Review} {state} {state:Review|approved=Published|rejected=Editing} {approval:Review} {state} {state:Published} {state} {trigger:statechanged|state=Review} {add-restriction:type=edit|user=@creator@|group=reviewers} {trigger} {trigger:pageapproved|approval=Review} {remove-restriction:type=edit|user=@creator@|group=reviewers} {trigger} {workflow} |
Using remove-restriction
will simply remove the specified permission type for the named user(s) on the content.
If you want to remove all added permissions of a specific type simply do not include users or groups in the {remove-restriction}
macro.
For example, when the following two macros are used together in a trigger, one will remove all added edit
permission restrictions, the other will remove all added view
permission restrictions.
{remove-restriction:type=edit} {remove-restriction:type=view} |
You must include a separate macro for each type of permission.
The macro will not remove any page-level restrictions or other permissions that have been previously added.
If you remove restrictions of a certain type, then add restrictions of the same type, it can cause errors. This is due to the way Confluence works internally (database connections, long-running threads... reasons).
To avoid this possible issue, it's sometimes safer to use the {set-restrictions}
macro when you need to remove, then add, restrictions of the same type.
In the example below
set-restrictions
in a trigger on the pageapproved
event we clear all existing edit restrictions and then only allow users who are members of the Confluence user group maintenance to edit the published content{workflow:name=Edit restrictions} {state:Editing|submit=Review} {state} {state:Review|approved=Published|rejected=Editing} {approval:Review} {state} {state:Published} {state} {trigger:statechanged|state=Review} {add-restriction:type=edit|user=@creator@|group=reviewers} {trigger} {trigger:pageapproved|approval=Review} {set-restrictions:type=edit|group=maintenance} {trigger} {workflow} |
The action of the {set-restrictions}
macro initially removes all previously added restrictions on the content and then adds the permission for the maintenance group of users.
Be aware that
One problem with our example is that any transition back to the editing state will retain the permission restrictions.
We can simply add the following trigger to remove the added content page permissions
{trigger:statechanged|state=Editing} {remove-restriction:type=view} {remove-restriction:type=edit} {trigger} |
When using the If there are other users who have Confluence permissions for the content but are not listed in the macro, these users will have their permissions restricted. |
In this example, edits to the content are "blocked" in the final state. Effectively forbidding all changes in the content except by members of the confluence-administrators
group.
{workflow:name=Restrictions example} {state:Draft|approved=Published} {approval:Review} {state} {state:Published} {state} {trigger:pageapproved|approval=Review} {set-restrictions:type=view|group=confluence-users} {set-restrictions:type=edit|group=confluence-administrators} {trigger} {workflow} |