Availability

Child pages
  • Macro Security Managed Macros

Skip to end of metadata
Go to start of metadata

Summary

  • Securing a macro with Macro Security for Confluence is helpful for particular, often more powerful macros.
  • When Macro Security is desired for a particular macro, a set of secured usage configurations (see options below) can be uniquely defined for that macro.
  • See the table below for a list of macros from Bob Swift Atlassian add-ons that implement Macro Security, along with additional details about what is specifically enabled for each macro. 
  • For other macros (not outlined below) where Macro Security is also desired, developers may enable their own macros to participate. See Using the Macro Security Macro to Control User Macros for more details.


 On This Page:

Usage

  • The basis of Macro Security is to prevent certain “restricted” macros from being deployed or edited within Confluence pages by unauthorized users, unless the edit restrictions defined for the page match the security restrictions defined for the macro OR the macro has been configured for and is being used in a space referenced by the Trusted Spaces approach for Macro Security.

  • In some cases, you may opt to secure only specific macro parameters rather than the entire macro.
  • Once a macro (or a macro parameter) has been configured for restricted use, you need to review any existing Confluence page that uses that macro to ensure its page restrictions match that macro's newly configured security restrictions.
  • For enabled macros that are marked as Use Restriction below, a security configuration entry is required for that macro before that macro will work on any installation where Macro Security enabled. 
  • Visit our Macro Security User's Guide for more information.

Legend 

ColumnDescriptionExample Configuration
Use Restriction
(tick) means macro can only be used by authorized users

sql = confluence-administrators

Parameter Restriction
(tick) means that one or more parameters can be restricted in total or by value if the parameter indicates this specifically

sql.datasource.* = confluence-administrators
sql.datasource.testDS = *ANY

Controlled ParametersList of those parameters that can be restricted or restricted by value

Enabled Macros

(warning) Please note that both the parameter names and values are case-sensitive!

Example Configurations

The Example Configurations page provides sample properties files you can download and use as the starting point for  your Macro Security configuration.

Configuration Tips

See Configuring and Enabling Macro Security for basic information and Understanding How Macro Security Works to learn about Macro Security in general and to review several example syntaxes.

  • Set less specific values first, then more specific.
  • Use generics to set parameter values if necessary. Example: sql.datasource.* = confluence-administrators.
  • Use *ANY to not restrict a specific setting. Example: run = *ANY.
  • Set a value for every macro that can be controlled (for instance, a value of *ANY). Lack of a value normally means it is not authorized.
  • If a page containing a restricted macro will be viewed or updated by a user using remote REST APIs, including an account used for automation purposes, that Macro Security configuration must give that user authorization to use that restricted macro.

     


Cloud

 Macro security is not available on Cloud (OnDemand). Behavior of macros for Cloud is the same as if Macro Security was not installed.







  • No labels