the CSU plugin requires Active Objects, which is only present in 4.3+, if AO is installed on earlier releases SU may work there...
Dual Marketplace/Vendor licensing
Dual licensing means SU for Confluence can be: a) Licensed with Marketplace license b) Licensed with Vendor licenses
Dual licensing does not mean SU Vendor licenses are compatible with marketplace, can be installed in marketplace or otherwise used anywhere except the Vendor license screen, as they are by definition Vendor licenses.
For users wanting to switch to Marketplace licensing, when renewing maintenance, a 50% discount for their specific license tier will be given. This discount is done through a single use promotion code. At this time transfer 'mid-year' is not being offered.
What does SU do?
As a system admin you get users saying 'I cant do xyz', or you have conversations like 'you should see xyz' and the phone says 'no I cant'. You need to be your user to ensure clarity of instructions, and to spot/resolve other kinds of problems. Without giving passwords away, how do you do that? Well, you use this plugin. This plugin enables system administrators to become another user (to 'su' in Linux speak), enable setup, testing etc
@since CONFSU 1.8.6
A global keyboard shortcut is available for SU, to see all available confluence keyboard shortcuts press ?, you will then see a window that shows you all confluence keyboard shortcuts:
To trigger the SU prompt, press the combination G and then U, you will then be prompted to switch user:
Ready to Submit
Ready to Submit
@since CONFSU 1.8.6
You may get Permission Denied warnings if you haven't configured SU Access...
Only system admins can configure who can SU, anyone with SU capability cannot SU to a user with system admin capability!
The SU keyboard short-cut will only be visible for people who have the SU capability
Appropriateness of SU is validated at the point of SU, so SU links will be shown for System admins etc.
The default behaviour is that System admins and Confluence admins are able to SU, access may also be granted to nominated groups (note: probably not a good idea to add confluence-users into this!):
SU - exit
Once you have taken on the identity of a user, it will be possible for 5 minutes to use the User menu and access SU-exit to get back to the admin user acct. See below:
The follwing are the formats of data for the SU and SU-Exit actions:
2018-10-08 14:34:15,856 INFO [http-nio-8090-exec-2] [confluence.su.actions.ConfSUAction] doSu SU Complete, From [user=admin, name=admin] To [user=test, name=test]
2018-10-08 14:35:13,394 INFO [http-nio-8090-exec-1] [confluence.su.actions.ConfSUExitAction] execute SU EXIT Complete, From [user=test, name=test] BackTo [user=admin, name=admin]
New 1.7.1+ SU links
1.7.x is Confluence 5.3+ only!
Its taken longer than I thought to get round to this (thanks Paul!) but automated injection of the SU link has now been done (and is being done for all SU add-ons).
In Confluence there is a new operations column with SU listed (may eventually go back and add all the 'user' operations there too.
As before the user-drill down now has an automated SU link added. IF you have previously modified the viewuser.vm file, there will be two SU links, its not harmful, and can either be removed manually (no restart required) or left to vanish on next upgrade:
Legacy Manual Configuration (pre 1.7.1 only)
Up until 1.7.1 a manual modification, detailed below was required for the SU link to appear. This is now dynamically injected,
1. Once the plugin installs, all that needs to be done is to invoke it, getting a link to show up in the view-user drill-down is done by modifying confluence/admin/users/viewuser.vm. This file changes with different revisions of Confluence, the important point is that just one link needs to be added. In order to invoke the action, you can manufacture a link as follows:
Two modification is required to put the action in the right place. There are two areas in the file, one is for links on screen, another is tagged as 'operations' perhaps for mobile devices. Part2 - operations
1. In order to SU, the SU-user needs to be specifically granted permission, except if you happen to be a direct member of confluence-administrators group, Global Permissions tickbox is not enough. Such a user can configure the plugin through its Configuration link. 2. Configuring the plugin will allow specific users and/or groups to be tested for SU eligibility, however, as the SU action is a restricted action, they need to have the Global Permissions tickbox 'administer confluence'. This provision allows for a subset of users to be specifically enabled for SU.
Once configured, nominated users/groups will be able to access the SU link on the user browser, or wherever you linked the action from.
Once installed, as a system administrator, go to the User Browser, select the user, you will find a SU link in the Operations column. Clicking SU will reset who you are to the given user, and return you to the Dashboard. Once SU'd you will be that user, there will be an SU Exit link , through which you can revert to your previous identity.
Every aspect of SU activity is now audited, whilst anyone with Global Permissions tickbox 'administer confluence' may see the SU Audit link in the Confluence Admin Security section, only direct members of confluence-administrators can access the plugin configuration and flush the history.