Netskope Help

Permissions Required for Atlassian Confluence

When you grant access to the Atlassian Confluence app instance, Netskope seeks consent for the following permissions from the Atlassian account:

| Permissions Required by Netskope | Description | Purpose |
| --- | --- | --- |
| offline_access | Scope for getting refresh token. | Periodically refresh access token after instance setup. |
| read:audit-log:confluence | View and export audit records for Confluence events. | Retrieve and list Confluence audit log events under Skope IT > Application Events. The data is used to support features like User Entity Behavior Analytics. |
| read:confluence-user | View user information in Confluence that you have access to, including usernames, email addresses, and profile pictures. | (Future release) In order to support features like inventory and scanning, Netskope requires ‘read’ permission for the following entities: User; Group; Membership; Space; Label; Space Permission; Page (including blog post); Page Restriction; Comment; Attachment; Content (page + comment + attachment) |
| read:user:confluence | View user details. | |
| read:confluence-groups | Permits retrieval of user groups. | |
| read:group:confluence | View details about groups. | |
| read:confluence-space.summary | Read a summary of space information without expansions. | |
| read:space:confluence | View space details. | |
| read:space-details:confluence | View details regarding spaces and their associated properties. | |
| read:label:confluence | View labels associated with content or spaces. | |
| read:space.permission:confluence | View space permissions. | |
| read:confluence-content.summary | Read a summary of the content, which is the content without expansions. Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary. | |
| read:confluence-content.all | Read all content, including content body (expansions permitted). Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary. | |
| search:confluence | Search Confluence. Note, APIs using this scope may also return data allowed by read:confluence-space.summary and read:confluence-content.summary. However, this scope is not a substitute for read:confluence-space.summary or read:confluence-content.summary. | |
| read:content:confluence | View content, including pages, blog posts, custom content, attachments, comments, and content templates. | |
| read:content-details:confluence | View details regarding content and its associated properties. | |
| read:page:confluence | View page content. | |
| read:blogpost:confluence | View blog post content. | |
| read:confluence-content.permission | View content permission in Confluence. | |
| read:content.permission:confluence | Check if a user or group can perform an operation on the specified content. | |
| read:content.restriction:confluence | View the restrictions on content. | |
| read:comment:confluence | View comments on content. | |
| readonly:content.attachment:confluence | Download attachments of a Confluence page or blog post that you have access to. | |
| read:attachment:confluence | View and download content attachments. | |
| write:confluence-content | Permits the creation of pages, blogs, comments, and questions. | (Future release) In order to support features like policy actions and remediation, Netskope requires ‘write’ permissions for the following entities: Space Permission; Page (including blog post); Page Restriction; Comment; Attachment; Content (page + comment + attachment) |
| write:content:confluence | Create and update content and its associated properties. | |
| delete:content:confluence | Delete content. | |
| write:page:confluence | Create and update pages. | |
| delete:page:confluence | Delete pages. | |
| write:blogpost:confluence | Create and update blog posts. | |
| delete:blogpost:confluence | Delete blog posts. | |
| write:comment:confluence | Create and update comments on content. | |
| delete:comment:confluence | Delete comments on content. | |
| write:confluence-file | Upload attachments. | |
| write:attachment:confluence | Create and update content attachments. | |
| delete:attachment:confluence | Delete content attachments. | |
| write:confluence-groups | Permits creation, removal, and update of user groups. | |
| write:group:confluence | Create, update, and delete groups. | |
| write:content.restriction:confluence | Update the restrictions on content. | |
| write:space.permission:confluence | Update space permissions. | |

You may have noticed that a few permissions are repeated (with a minor variation in name):

  • read:confluence-user and read:user:confluence

  • read:confluence-groups and read:group:confluence

  • read:confluence-content.permission and read:content.permission:confluence

  • readonly:content.attachment:confluence and read:attachment:confluence

  • write:confluence-content and write:content:confluence

  • write:confluence-groups and write:group:confluence

This is because Netskope requests both classic and granular scopes from Atlassian Confluence. Netskope uses only one permission of each pair at a given time, but requests both because Atlassian is continuously deprecating its v1 APIs, which primarily rely on classic scopes. The replacement v2 APIs primarily require granular scopes, so Netskope requires both classic and granular scopes to ensure a seamless transition to the v2 APIs.