Permissions Required for Atlassian Confluence
Permissions Required for Atlassian Confluence
When you grant access to the Atlassian Confluence app instance, Netskope seeks consent for the following permissions from the Atlassian account:
| Permissions required by Netskope | Description | Purpose |
|---|---|---|
| offline_access | Scope for getting refresh token. | Periodically refresh access token after instance setup. |
| read:audit-log:confluence | View and export audit records for Confluence events. | Retrieve and list Confluence audit log events under Skope IT > Application Events. The data is used to support features like User Entity Behavior Analytics. |
| read:confluence-user | View user information in Confluence that you have access to, including usernames, email addresses, and profile pictures. | In order to support features like inventory and scanning, Netskope requires ‘read’ permission for the following entities:
|
| read:user:confluence | View user details. | |
| read:confluence-groups | Permits retrieval of user groups. | |
| read:group:confluence | View details about groups. | |
| read:confluence-space.summary | Read a summary of space information without expansions. | |
| read:space:confluence | View space details. | |
| read:space-details:confluence | View details regarding spaces and their associated properties. | |
| read:label:confluence | View labels associated with content or spaces. | |
| read:space.permission:confluence | View space permissions. | |
| read:permission:confluence | View space permissions. | |
| read:confluence-content.summary | Read a summary of the content, which is the content without expansions. Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary. |
|
| read:confluence-content.all | Read all content, including content body (expansions permitted). Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary. |
|
| search:confluence | Search Confluence. Note, APIs using this scope may also return data allowed by read:confluence-space.summary and read:confluence-content.summary. However, this scope is not a substitute for read:confluence-space.summary or read:confluence-content.summary. |
|
| read:content:confluence | View content, including pages, blog posts, custom content, attachments, comments, and content templates. | |
| read:content-details:confluence | View details regarding content and its associated properties. | |
| read:page:confluence | View page content. | |
| read:blogpost:confluence | View blog post content. | |
| read:confluence-content.permission | View content permission in Confluence. | |
| read:content.permission:confluence | Check if a user or group can perform an operation on the specified content. | |
| read:content.restriction:confluence | View the restrictions on content. | |
| read:comment:confluence | View comments on content. | |
| readonly:content.attachment:confluence | Download attachments of a Confluence page or blog post that you have access to. | |
| read:attachment:confluence | View and download content attachments. | |
| write:confluence-content | Permits the creation of pages, blogs, comments, and questions. | In order to support features like policy actions and remediation, Netskope requires ‘write’ permissions for the following entities:
|
| write:content:confluence | Create and update content and its associated properties. | |
| delete:content:confluence | Delete content. | |
| write:page:confluence | Create and update pages. | |
| delete:page:confluence | Delete pages. | |
| write:blogpost:confluence | Create and update blog posts. | |
| delete:blogpost:confluence | Delete blog posts. | |
| write:comment:confluence | Create and update comments on content. | |
| delete:comment:confluence | Delete comments on content. | |
| write:confluence-file | Upload attachments. | |
| write:attachment:confluence | Create and update content attachments. | |
| delete:attachment:confluence | Delete content attachments. | |
| write:confluence-groups | Permits creation, removal, and update of user groups. | |
| write:group:confluence | Create, update, and delete groups. | |
| write:content.restriction:confluence | Update the restrictions on content. | |
| write:space.permission:confluence | Update space permissions. |
You may have noticed that a few permissions are repeated (with a minor variation in name):
-
read:confluence-user and read:user:confluence
-
read:confluence-groups and read:group:confluence
-
read:confluence-content.permission and read:content.permission:confluence
-
readonly:content.attachment:confluence and read:attachment:confluence
-
write:confluence-content and write:content:confluence
-
write:confluence-groups and write:group:confluence
This is because Netskope requests both classic and granular scopes from Atlassian Confluence. While Netskope will use one of the permissions at a given time, Netskope requests both due to Atlassian’s continuous deprecation of v1 APIs, which primarily rely on classic scopes. As a replacement, v2 APIs primarily require granular scopes, and therefore, Netskope requires both classic and granular scopes to ensure seamless transition to v2 APIs.
