As with any security implementation, you should develop a plan for what needs to be controlled and who needs to have access. Access can be given to individual userids or groups. In many cases, confluence-administrators will likely be one such group to whom you will give access. Also, review Macro Security Managed Macros to understand what elements can be controlled.
Accessing the Add-on's Configuration page
From the Manage Add-ons admin page, expand the Macro Security for Confluence item and click Configure to access its configuration page.
Set less specific values first, then more specific.
Use generics to set parameter values if necessary. Example: sql.datasource.* = confluence-administrators.
Use *ANY to not restrict a specific setting. Example: run = *ANY.
Set a value for every macro that can be controlled (for instance, a value of *ANY). Lack of a value normally means it is not authorized.
If a page containing a restricted macro will be viewed or updated by a user using remote REST APIs, including an account used for automation purposes, that Macro Security configuration must give that user authorization to use that restricted macro.
Communicating your configuration to users
It is a best practice to create a page for your Confluence user community that documents how you've configured Macro Security. This will guide them as to the "edit" page restrictions they must add to any page that will be using a restricted macro, and what spaces you've configured to use the Trusted Spaces approach for macro security.