From confluence-assistant-skills
Manage space and page permissions and restrictions. ALWAYS use when user wants to control access, set restrictions, or manage who can view/edit content.
npx claudepluginhub grandcamel/confluence-assistant-skills --plugin confluence-assistant-skillsThis skill uses the workspace's default tool permissions.
Manage space and page permissions and restrictions.
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Manage space and page permissions and restrictions.
This skill controls who can access Confluence content. Use this skill for:
⚠️⚠️ WARNING: Permission changes can lock users out of content. Always document current permissions before making changes.
| Trigger | Example |
|---|---|
| View permissions | "Who can access DOCS space?", "Show page restrictions" |
| Add permissions | "Give engineering-team read access to DOCS" |
| Remove permissions | "Remove John's access to page 12345" |
| Restrict pages | "Lock this page to admins only" |
| Audit access | "List all permissions for TEAMSPACE" |
| Operation | Use Instead |
|---|---|
| Create/edit pages | confluence-page |
| Search for content | confluence-search |
| Manage space settings | confluence-space |
| View who's watching | confluence-watch |
| Operation | Risk | Notes |
|---|---|---|
| Get permissions | - | Read-only |
| Add permission | ⚠️ | Grants access, can be removed |
| Remove permission | ⚠️⚠️ | Can lock users out |
| Add page restriction | ⚠️⚠️ | Can hide content from users |
| Remove all restrictions | ⚠️ | Opens page to all space members |
This skill provides comprehensive permission management for Confluence:
Note: Due to API limitations, this skill uses a hybrid approach:
Retrieve the list of permissions assigned to a space.
Usage:
confluence permission space get SPACE_KEY
confluence permission space get DOCS --output json
Output: Lists all users and groups with their assigned operations (read, write, administer, etc.)
Note: Use --output json to see permission IDs, which are required for removing specific permissions with confluence permission space remove --permission-id.
Grant a permission to a user or group for a space.
Usage:
confluence permission space add SPACE_KEY --user ACCOUNT_ID --operation read
confluence permission space add DOCS --group confluence-users --operation create
confluence permission space add TEST --user 557058:12345678-abcd-1234-efgh-123456789abc --operation administer
confluence permission space add DOCS --group editors --operation create --target page
Options:
--user - User account ID (plain ID, no prefix)--group - Group name--operation - Permission operation (required)--target - Target type (default: space)Valid Operations:
read - View contentcreate - Create contentdelete - Delete contentadminister - Manage spacearchive - Archive contentrestrict_content - Set content restrictionsexport - Export contentValid Targets:
space - Space-level permission (default)page - Page-level permissionblogpost - Blog post permissioncomment - Comment permissionattachment - Attachment permissionRevoke a permission from a user or group for a space.
Usage:
# Method 1: Remove by permission ID (preferred)
confluence permission space remove SPACE_KEY --permission-id 12345
confluence permission space remove DOCS -p 67890
# Method 2: Remove by user/group + operation (finds and removes matching permissions)
confluence permission space remove SPACE_KEY --user ACCOUNT_ID --operation read
confluence permission space remove DOCS --group confluence-users --operation create
Options:
--permission-id, -p - Permission ID to remove (primary method)--user - User account ID (requires --operation)--group - Group name (requires --operation)--operation - Operation to match (REQUIRED when using --user or --group)Note: Use confluence permission space get to find permission IDs.
List restrictions on a page (who can read/edit).
Usage:
confluence permission page get PAGE_ID
confluence permission page get 123456 --output json
Output: Shows read and update restrictions with users and groups
Add a restriction to limit page access.
Usage:
confluence permission page add PAGE_ID --operation read --user ACCOUNT_ID
confluence permission page add 123456 --operation update --group confluence-users
confluence permission page add 123456 --operation read --user 557058:12345678-abcd-1234-efgh-123456789abc
Options:
--user - User account ID (plain ID, no prefix)--group - Group name--operation - Restriction type (required): read or updateRestriction Types:
read - Who can view the pageupdate - Who can edit the pageRemove a restriction from a page.
Usage:
confluence permission page remove PAGE_ID --operation read --user ACCOUNT_ID
confluence permission page remove 123456 --operation update --group confluence-users
confluence permission page remove 123456 --operation read --all
Options:
--user - User account ID to remove from restriction--group - Group name to remove from restriction--operation - Restriction type (required): read or update--all - Remove all restrictions of this typeUse --all to remove all restrictions of a type (makes page accessible to all space members).
# Get current restrictions
confluence permission page get 123456
# Add read restriction to specific users (use account IDs)
confluence permission page add 123456 --operation read --user 557058:john-account-id
confluence permission page add 123456 --operation read --user 557058:jane-account-id
# Add edit restriction to admins group
confluence permission page add 123456 --operation update --group confluence-administrators
# Add read permission for the team
confluence permission space add TEAMSPACE --group engineering-team --operation read
# Add create permission for contributors (to create pages)
confluence permission space add TEAMSPACE --group engineering-leads --operation create --target page
# Verify permissions
confluence permission space get TEAMSPACE
# Remove all read restrictions (make viewable to all space members)
confluence permission page remove 123456 --operation read --all
# Remove all update restrictions (make editable to all space members)
confluence permission page remove 123456 --operation update --all
get commands--user not finding the person557058:12345678-abcd-1234-efgh-123456789abc), no prefix needed| Error | Cause | Resolution |
|---|---|---|
| 403 Forbidden | Insufficient privileges to modify permissions | Request space admin access |
| 404 Not Found | User, group, or resource doesn't exist | Verify user email, group name, page ID |
| 400 Bad Request | Invalid operation or subject type | Check operation name, use correct subject type |
| 409 Conflict | Permission already exists or conflicts | Check current permissions first |
Locked out of page:
# Space admin can remove restrictions via UI or API
confluence permission page remove PAGE_ID --operation read --all
confluence permission page remove PAGE_ID --operation update --all
Accidentally removed space access:
# Confluence admin can restore via Confluence Admin > Space Permissions
# Or re-add the permission:
confluence permission space add SPACE_KEY --group GROUP_NAME --operation read
Audit trail: