How to view and bulk update add/delete restrictions?
By mid-October 2023, an improved version of Security & Encryption for Confluence Cloud will be released. Users will enjoy enhanced security.
Purpose
To understand how an administrator can check for secret owners without add/delete restrictions and grant them access.
Answer
Step 1: Downloading the list of affected secret owners
Click Secret Administration and select Owner Restrictions. A list of secret owners without add/delete page restrictions is shown.
Click Generate user CSV list to download the list of secret owners.
Step 2: Using the script to bulk update add/delete restrictions
Prerequisites
Install Python in your environment. Download Python from the official website: Download Python 3.
Install the 'requests' Python library.
Use the script below to add users and groups from the CSV file downloaded in Step 1.
import csv
import requests
import json
import base64
# Replace with your Confluence Cloud domain, email, API token, and CSV file
CONFLUENCE_DOMAIN = '<instance-name>.atlassian.net'
EMAIL = '<EMAIL_ADDRESS>'
API_TOKEN = '<API_TOKEN>'
CSV_FILE = '<CSV_FILE>'
AUTH_STRING = EMAIL + ':' + API_TOKEN
BASIC_AUTH_TOKEN = base64.b64encode(AUTH_STRING.encode("ascii")).decode("ascii")
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Authorization': f'Basic {BASIC_AUTH_TOKEN}'
}
MAX_RETRY = 5
def update_space_permissions(permission, owner_type, owner_id, space_key, retries = 0):
if retries >= MAX_RETRY:
print(f'Reached maximum recursion depth. Exiting recursive calls.')
return
url = f'https://{CONFLUENCE_DOMAIN}/wiki/rest/api/space/{space_key}/permission'
data = {
'operation': {
'key': permission,
'target': 'space'
},
'subject': {
'type': owner_type,
'identifier': owner_id
}
}
response = requests.post(url, headers=headers, json=data)
if response.status_code == 200:
print(f'Updated permissions for {owner_id}: {permission} in space {space_key}')
else:
print(f'Failed to update permissions for {owner_id}: {permission} in space {space_key}. Error: {response.text}')
if 'read space' in response.text:
update_space_permissions('read', owner_type, owner_id, space_key, retries + 1)
update_space_permissions(permission, owner_type, owner_id, space_key, retries + 1)
def main():
with open(CSV_FILE, newline='') as csvfile:
reader = csv.DictReader(csvfile)
for row in reader:
owner = row['Owner']
owner_type = row['Type'].lower()
owner_id = row['OwnerId']
space_key = row['SpaceKey']
update_space_permissions('restrict_content', owner_type, owner_id, space_key)
if __name__ == '__main__':
main()Step 3: Configuring the script
Replace
<instance-name>.atlassian.netwith your Confluence domain.Replace
<EMAIL_ADDRESS>with the email associated with your Confluence domain.Obtain an API token by following these steps:
In Confluence, click on your account icon > Manage Account.
From the top menu, select Security > Create and manage API tokens.
Generate a new API token by clicking Create API token. In the script, replace
<API_TOKEN>with the generated token.
Replace
<CSV_FILE>with the name of the CSV file you want to use. The CSV file is located in the same directory as this script. Example:permissions.csv
Step 4: Running the script
To update permissions for users and groups, follow these steps:
Open a terminal or command prompt.
Navigate to the directory where the script is located.
Run the command
python bulk_update_permissions.py
The script will start updating the permissions based on the CSV file that was downloaded from the Owner Restrictions tab.
Tip
Review the script and CSV file before running the script to verify the permissions being modified.