Description of the service

Confluence is a so-called Enterprise Wiki, which is developed and distributed by the company Atlassian.
At DESY, Confluence is used as collaboration software and is mainly used for communication, documentation and knowledge exchange between organizations, groups and teams.

Operator of the service

The operator of the service is DESY-IT.
The user group includes DESY-employees as well as employees of partner institutions (EXFEL GmbH, CFEL, CSSB, University of Hamburg and others). A DESY account is required to use Confluence. Therefore, correspondingly agreed upon guidelines and the usage regulations apply.

Use of the service

Confluence is used across departments at DESY.
Access authorization to Confluence is assigned decentrally via the DESY User Registry by the responsible namespace administrators.
The The Terms of Use of the Atlassian tools at DESY apply to the use of Confluence.

Availability

The service is always monitored for availability. Confluence is an important tool for many users and requires high availability. For maintenance work, downtimes of about three working days per year are planned.
Users are required to keep the content and data they need in Confluence available offline.

Authorization concept

Authorizations can be assigned to individual users or to entire DESY groups. In principle, the following three types of permissions are currently distinguished in Confluence:

• global permission
• space (group) related permission
• site permission

Global permission

Every DESY account with the registry resource "confluence" may

• log in to confluence (confluence.desy.de)
• update their user status
• create a personal space
• create spaces

Space Permissions

Space Permissions

Space permissions are defined within a space and determine which users and DESY groups may view the space and its contents and which functions they may perform in this space. However, the visibility of individual pages is not yet restricted at this point: all users who are allowed to see the space are automatically allowed to see the pages within this space. The visibility of individual pages can be individually limited if required (see "Page Permissions").

Space permissions can be set by space administrators. Space administrators are basically the creator of the space and users or user groups authorized by the creator.

The following space permissions are available:

• Show space (view and open space)
• Page actions:
  • add
  • export
  • restrict (grant page permission)
  • remove
• News / Comments / Attachments
  • add
  • remove
• E-Mail
  • remove
• Export space
• Administrator (access to space administration including space permissions)

A space is only visible to those users who have the "Show space" permission by individual or group permission. Without this permission, the space and its contents are completely invisible to a user - the space will neither be displayed to him/her on the dashboard nor will he/she be able to find contents of this area via search. Protected content can be managed very well in Confluence in separate, protected spaces.
 

By using space administrators, the responsibility for an space in DESY Confluence is delegated to certain core users. Users with this authorization are given access to the space administration, where they can define the authorizations for this space and view and unlock all restricted pages.

In addition to user and group permissions, there is also the role Anonymous. This role has no permissions by default. Sometimes (e.g. with blogs) it can be useful to give the role "Anonymous" read permissions.

Attention: Never give write permission to the role "Anonymous"!

Site permissions

While the space level determines which users and user groups are allowed to see the space and its contents, the pages of an space are in principle not restricted at first: All users who can see a space can also see its contents.
Page permissions can only be restricted by users who have the space permission "Restrict". Here applies:

• The read restriction of a page is hierarchically inherited to the subpages
• Subpages with already inherited reading restrictions can be provided with additional reading restrictions
• Subpages can only be read by a user if the hierarchically superior pages also have read permission for this user.
• Users who do not have permission to edit a page cannot change its page restrictions

If you have technical questions or problems, please contact:
it-atlassian@desy.de.