You can easily remove all permissions from a Confluence DC Space, or a Confluence Cloud Space. Confluence Server, though? You’re out of luck.
Imagine you migrated from Confluence Cloud to Confluence Server, and you wanted to remove all permissions on a Space (except for maybe “View Space”). That’s a whole lot of manually clicking, unless you script it. You’re going to need ScriptRunner for this.
The script below takes two inputs: a Space key, and a username. It needs the username of someone on the Space with Admin access, because Confluence will not let you remove EVERYONE with admin access from the Space.
Someone gets left behind.
Okay so it takes those two pieces of information as variables. It then makes use of two arrays. The first array is a prescribed selection of the permissions you’d like removed from the Space. Want to let everyone keep the View Space permission type? Take it out of the List!
The second array is generated by the script. It’s a list of every username and group name with some kind of permission on the Space.
We then nest two loops, and iterate through the permission types and usernames. For each permission type, for each username, we call the method to remove that permission from that user on the given Space. The method is in a try/catch because not all users have all permissions, and the script knows to simply log the error and ignore the problem if that happens.
As is noted in the script, pre-generating the list of user and group names seems like an ugly way to do things. However if we simply try to call the “get username” method with every call to the permissions manager, it throws an error. This was the simplest way around that error.
On the subject of “simple”, we’re calling the SOAP service, which is unusual. However, this again is by FAR the easiest way to accomplish the task. Given that Confluence (and Jira) Server have a sunset date, it’s a sufficient fix for as long as the software will be around.
import com.atlassian.confluence.rpc.soap.services.SpacesSoapService
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.confluence.spaces.SpaceManager
def String spaceKey = "<Space Key"
//Define a target Space
def String adminName = "<Admin username>"
//We need to to leave SOMEBODY with permission on the Space, and that somebody has to have Admin permission
def space = ComponentLocator.getComponent(SpaceManager).getSpace(spaceKey)
def removeSpacePermission = ComponentLocator.getComponent(SpacesSoapService)
//Create an array with every kind of permission that a user or group could possibly have in Confluence
def permissions = [
"COMMENT",
"CREATEATTACHMENT",
"EDITBLOG",
"EDITSPACE",
"EXPORTSPACE",
"REMOVEATTACHMENT",
"REMOVEBLOG",
"REMOVECOMMENT",
"REMOVEOWNCONTENT",
"REMOVEPAGE",
"SETPAGEPERMISSIONS",
"VIEWSPACE",
"SETSPACEPERMISSIONS",
"REMOVEMAIL"
]
def usernames = []
space.getPermissions().each {
userName ->
usernames.add(userName.getUserSubject())
usernames.add(userName.getGroup())
} //Define an array that holds all the users and groups with any kind of permission on the given space
//NOTE: you might think that you could just reference the username method directly in a loop, but we quickly encounter a "ConcurrentModificationException" error
//We get around this by instead adding the user/group names to an array
permissions.each {
perms ->
usernames.each {
user ->
if (user.toString() == adminName) {
log.warn("Skipped removing Confluence Admin")
} else {
try {
removeSpacePermission.removePermissionFromSpace(perms.toString(), user.toString(), spaceKey)
//Remove the permission of a given type, from a given user, in the given space.
} catch (Exception) {
log.warn(Exception)
}
}
}
}
Leave a Reply