Permissions Required for Atlassian Confluence
When you grant access to the Atlassian Confluence app instance, Netskope seeks consent for the following permissions from the Atlassian account:
Permissions Required by Netskope | Description | Purpose |
---|---|---|
offline_access | Scope for getting refresh token. | Periodically refresh access token after instance setup. |
read:audit-log:confluence | View and export audit records for Confluence events. | Retrieve and list Confluence audit log events under Skope IT > Application Events. The data is used to support features like User Entity Behavior Analytics. |
read:confluence-user | View user information in Confluence that you have access to, including usernames, email addresses, and profile pictures. | (Future release) In order to support features like inventory and scanning, Netskope requires ‘read’ permission for the following entities: |
read:user:confluence | View user details. | |
read:confluence-groups | Permits retrieval of user groups. | |
read:group:confluence | View details about groups. | |
read:confluence-space.summary | Read a summary of space information without expansions. | |
read:space:confluence | View space details. | |
read:space-details:confluence | View details regarding spaces and their associated properties. | |
read:label:confluence | View labels associated with content or spaces. | |
read:space.permission:confluence | View space permissions. | |
read:confluence-content.summary | Read a summary of the content, which is the content without expansions. Note, APIs using this scope may also return data allowed by | |
read:confluence-content.all | Read all content, including content body (expansions permitted). Note, APIs using this scope may also return data allowed by | |
search:confluence | Search Confluence. Note, APIs using this scope may also return data allowed by read:confluence-space.summary and | |
read:content:confluence | View content, including pages, blog posts, custom content, attachments, comments, and content templates. | |
read:content-details:confluence | View details regarding content and its associated properties. | |
read:page:confluence | View page content. | |
read:blogpost:confluence | View blog post content. | |
read:confluence-content.permission | View content permission in Confluence. | |
read:content.permission:confluence | Check if a user or group can perform an operation on the specified content. | |
read:content.restriction:confluence | View the restrictions on content. | |
read:comment:confluence | View comments on content. | |
readonly:content.attachment:confluence | Download attachments of a Confluence page or blog post that you have access to. | |
read:attachment:confluence | View and download content attachments. | |
write:confluence-content | Permits the creation of pages, blogs, comments, and questions. | (Future release) In order to support features like policy actions and remediation, Netskope requires ‘write’ permissions for the following entities: |
write:content:confluence | Create and update content and its associated properties. | |
delete:content:confluence | Delete content. | |
write:page:confluence | Create and update pages. | |
delete:page:confluence | Delete pages. | |
write:blogpost:confluence | Create and update blog posts. | |
delete:blogpost:confluence | Delete blog posts. | |
write:comment:confluence | Create and update comments on content. | |
delete:comment:confluence | Delete comments on content. | |
write:confluence-file | Upload attachments. | |
write:attachment:confluence | Create and update content attachments. | |
delete:attachment:confluence | Delete content attachments. | |
write:confluence-groups | Permits creation, removal, and update of user groups. | |
write:group:confluence | Create, update, and delete groups. | |
write:content.restriction:confluence | Update the restrictions on content. | |
write:space.permission:confluence | Update space permissions. | |
You may have noticed that a few permissions are repeated (with a minor variation in name):
read:confluence-user and read:user:confluence
read:confluence-groups and read:group:confluence
read:confluence-content.permission and read:content.permission:confluence
readonly:content.attachment:confluence and read:attachment:confluence
write:confluence-content and write:content:confluence
write:confluence-groups and write:group:confluence
This is because Netskope requests both classic and granular scopes from Atlassian Confluence. Netskope uses only one permission of each pair at a given time, but requests both because Atlassian is continuously deprecating its v1 APIs, which primarily rely on classic scopes. The v2 APIs that replace them primarily require granular scopes, so Netskope requests both classic and granular scopes to ensure a seamless transition to the v2 APIs.
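To review what a consent actually granted, the scope string of the grant can be grouped by privilege and checked against the pairs listed above. The following Python is an added example, not Netskope or Atlassian code; the function names and the sample scope string are constructed for illustration, and treating the first scope of each pair as the classic one is an assumption based on Atlassian's naming.

```python
# Added example (not Netskope or Atlassian code): review a granted OAuth scope string.
# Pairs are copied from this page; treating the first of each pair as the classic
# scope is an assumption based on Atlassian's naming, not stated on the page.
PAIRS = [
    ("read:confluence-user", "read:user:confluence"),
    ("read:confluence-groups", "read:group:confluence"),
    ("read:confluence-content.permission", "read:content.permission:confluence"),
    ("readonly:content.attachment:confluence", "read:attachment:confluence"),
    ("write:confluence-content", "write:content:confluence"),
    ("write:confluence-groups", "write:group:confluence"),
]
READ_VERBS = {"read", "readonly", "search"}
MODIFY_VERBS = {"write", "delete"}


def classify(scope):
    """Bucket a scope by its verb prefix: read, modify, or other (e.g. offline_access)."""
    verb = scope.split(":", 1)[0] if ":" in scope else ""
    if verb in READ_VERBS:
        return "read"
    if verb in MODIFY_VERBS:
        return "modify"
    return "other"


def audit_scopes(scope_string):
    """Return (scopes grouped by bucket, classic/granular coverage for each pair)."""
    granted = set(scope_string.split())  # OAuth 2.0 scope strings are space-delimited
    buckets = {"read": [], "modify": [], "other": []}
    for scope in sorted(granted):
        buckets[classify(scope)].append(scope)
    labels = {(True, True): "both", (True, False): "classic-only",
              (False, True): "granular-only", (False, False): "neither"}
    coverage = {classic: labels[(classic in granted, granular in granted)]
                for classic, granular in PAIRS}
    return buckets, coverage


# Constructed sample: the scope value as it might appear in a token response.
SAMPLE = ("offline_access read:audit-log:confluence read:confluence-user "
          "read:user:confluence readonly:content.attachment:confluence "
          "write:confluence-content write:content:confluence delete:page:confluence")

if __name__ == "__main__":
    buckets, coverage = audit_scopes(SAMPLE)
    for name, scopes in buckets.items():
        print(f"{name}: {scopes}")
    for classic, state in coverage.items():
        print(f"{classic}: {state}")
```

The "modify" bucket lists the write and delete scopes a reviewer would weigh against least privilege, and a pair reported as "classic-only" or "granular-only" shows where the grant does not carry both scopes described above.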