On this page

What are user roles?

When you assign a user or group to an extranet space, you must specify user roles. The permissions set by the administrator are linked to this role. You can create up to five user roles with different sets of permissions.

The boxes/checks represent the permissions. If boxes are checked, the user receives those permissions (as long as they received the role).

How do I define user roles?

Navigate to Confluence administration → Space Privacy → Roles & Permissions → User Roles.

Click on the Edit button at the bottom of the page.

Enter the name of a role and activate the Enabled checkbox if you wish to activate the role.

Activate the checkboxes according to the permissions you want to give said user role.

Finally, click on the Save button.

NEW IN 3.5 Handle assignments of deactivated roles 

When you want to deactivate a user role and already have assignments for it, a small icon appears next to the checkbox. Clicking the icon opens an option dialog offering two options:

• Keep existing assignments
  Existing assignments will be kept and only new Extranets won't create the roles (default prior to version 3.4)
  
  
• Migrate existing assignments
  Existing assignments will be migrated to another role. So the role can be disabled safely. 
  

The icon will only appear if a role is or will be deactivated and assignments for this role exist.

Safety Guidelines

We strongly recommend the following Confluence configuration settings to avoid potential security risks:

Make sure people are not allowed to register their own accounts, especially without restriction to your domain.

If you allow anonymous access, make sure anonymous users don't have permission to create or edit anything anywhere (pages, blogposts, comments, attachments etc. in any space).
     
If you configure your instance differently, you do so at your own risk.