System Admin Documentation
- 1 Installing CSUM app
- 2 Accessing CSUM App Configuration
- 3 Accept app permissions
- 4 Privileged User Settings
- 4.1 Privileged user
- 5 Group Settings
- 6 User Settings
- 7 General Settings
Installing CSUM app
If not installed, find CSUM app, start subscription to start the trial. Refresh page on install to see the Configure button referred next.
Accessing CSUM App Configuration
Global System Settings for CSUMCloud can be accessed using the Configure button on the CSUMCloud listing within Manage Apps.
|
Accept app permissions
When the app is first installed, or updates change the permission scheme, you will need to grant the app the permissions listed.
|
To learn more about app scopes, see App Security Scopes.
Once accepted, you’ll see the CSUM config page, the primary requirement here is to provide a valid Privileged user. See Privileged user configuration for further information.
|
Privileged User Settings
|
The privileged user configuration is required in order to use the CSUM-Cloud app.
Without a user selected, CSUM-Cloud has restricted access to the requests that can be made to access or alter Confluence group memberships, permissions, or names. This is due to not all Confluence REST APIs being supported by a Forge app. To work around this limitation, the selected privileged user accountId is used to invoke these requests on their behalf (asUser).
Where possible, any requests that can be made as the logged in user, or as the CSUMCloud Forge app, will be attempted before falling back to using the privileged user.
See Privileged user configuration for further information.
Once entered, if the selected user accountId is valid, a success message will be shown. Any validation errors will display a message indicating validation errors, such as the user selected lacks permissions or is no longer involved on the site.
Privileged user
This setting stores the user account ID of the user selected. This accountId is used to invoke Forge asUser requests, used to make elevated privilege requests on behalf of the user, allowing operations such as group membership changes to be executed without the logged in user being a system admin.
This is required due to certain REST APIs not being accessible by the Forge asApp app requests.
Group Settings
The group settings cover the majority of CSUM-Cloud global configuration, including the space group pattern used to match against found groups.
|
Space Group Pattern
This setting manages which Groups appear in the Groups table in the Space settings integration, and is also used for Group creation and Group rename actions.
Both {SPACEKEY} and {NAME} are overwritten at runtime. The default {SPACEKEY}-{NAME} would find groups matching this pattern (e.g, for a Space with the Space Key as TEST, the default Space Group Pattern will display Groups matching TEST-{NAME}, plus creating a group would automatically place the users input inside {NAME}.
Below are some examples of the default Space Group Pattern to help further explain:
Examples | Action | Result |
|---|---|---|
| Viewing Groups in the Space Groups Table | Groups such as |
| Creating a new group with the name | A new group with the name |
| Renaming an existing group with the name | The new renamed group will be given the name |
| Viewing Groups in the Space Groups Table for a Space containing Non alpha-numeric Unicode characters | Groups such as |
As seen, anything outside of the {SPACE} and {NAME} match patterns will always be included when creating or renaming groups.
Pattern Matches for groups with similar names
Due to the behaviour of the Confluence Cloud REST API, finding groups matching a given value will match against any groups with the included term. What this means, if you have multiple projects with similar keys (E.g. PROJECT and NEWPROJECT), the rest API would show groups matching the pattern for NEWPROJECT when accessing the app through space PROJECT.
Space Group Pattern matching is case-insensitive.
To avoid groups meant for one space being visible in another space, exact match filtering is performed to ignore groups that do not match. Any groups that are filtered will be excluded from the space groups table (along with also being excluded from space-restricted group search select fields). Groups are still counted as part of the paged response to retain pagination behaviour.
Space Group Actions Permitted
When this setting is On, it allows Space Admins to perform Actions on the Space Settings page.
When this setting is Off, the Space Settings integration will display the following:
|
Delegated Group Actions Permitted
This feature is currently being reviewed and has not been fully implemented. Toggling this setting does not currently affect CSUMCloud performance.
Maximum Users to process at a time
This setting limits the total count of Users that can be managed in a single action (An action denotes Add/Remove User(s) or Group Member(s)). By default, the value is set to 0, which removes the limit for Users actions at one time.
Maximum Groups to process at a time
This setting limits the total count of Groups that can be managed in a single action (An action denotes Add/Remove User(s) or Group Member(s)). By default, the value is set to 0, which removes the limit for Group actions at one time.
Restrict space groups
This feature is intensive and may result in performance impact when searching for groups due to additional requests being made.
If you are unsure if you require this setting, it is advised to keep it disabled, and to refine permitted user operations using Permissions.
This setting filters the groups shown select drop-downs (used in the Add/Remove users space operations) to only allow group membership manipulation for space groups matching the given space group criteria.
For example, when using CSUM-Cloud in space Test, the ‘Groups to add’ field in the add users screen would only show groups matching the pattern, e.g. Test-group, test-1. Other groups, such as anotherspace-group or admin-group would be filtered out.
Default Role
This setting configures the Role-assignment granted to groups during Create group and Rename group operations.
If your site has opted in to the Role Based Access Control (RBAC) beta, or is a new site with roles control enabled by default, this is the default behaviour to control view space permission for groups created within CSUMCloud. (This behaviour replaces the behaviour for adding ‘Read Space’ permission API to a new group, but still provides group members added to the created group to have the configured Role permissions, granted via Role-assignment to the group).
To learn more, see https://community.atlassian.com/forums/Confluence-articles/Beta-Simplify-space-access-in-Confluence-with-roles/ba-p/3044550.
Elevated permissions when using Role based access control
When configuring the Default Role, if a role is selected that grants admin permission, or an elevated permission to manage Space content, a warning will be shown.
You can still use the selected Role, but any groups created will grant Role assignments for these elevated permissions, and any members of these groups will be granted these admin permissions for a space.
It is advised to use a lower view-only role, or create your own custom role to use for the Default role configuration.
User Settings
The user settings provide the option to prevent restricted users from being shown and the option to inhibit user search to improve performance with large datasets.
|
Show Restricted Users
When this setting is Enabled, the User table will display these restricted users, along with an additional Restricted lozenge to distinguish between users. This allows Space Admins to operate with these users. Disabling this setting will remove the users from the table.
|
Auto Join Groups
This setting allows a selection of Groups to be chosen for Auto-Joining. When a user is added to a group, they will also be added to the selected Auto Join Groups.
User Search Enabled
During Add/Remove user actions, this setting allows Users to be searched, and allows the User table to be searched and filtered. Disabling this setting improves performance for large user instances, but limits Add/Remove user actions to operating via Group membership.
Restrict space users
This feature is severely intensive and may result in performance impact when searching for users due to additional requests being made to validate user membership.
If you are unsure if you require this setting, it is advised to keep it disabled, and to refine permitted user operations using Permissions.
This setting filters the users shown select drop-downs (used in the Add/Remove users space operations) to only allow group membership manipulation for users that already have .
For example, when using CSUM-Cloud in space Test, the ‘Users to add’ field in the add users screen would only show users that are a member of a group that matches the space group pattern. Any users without membership for a matching space group would be filtered out.
For example, When accessing CSUM-Cloud within the space TEST, if User A is a member of Test-group, but User B is not a member of any group matching the space group pattern, only User A would be shown in the user dropdown. User B is filtered due to lacking group membership.
General Settings
The general settings of the app cover downtime messages to restrict access of the app within space settings, alongside the option to restrict personal space management changes from being made.
|
Allow Personal Space Management
This setting configures the ability for CSUM Cloud to be used within a Users' personal Space. When this setting is Off, the following appears when attempting to access CSUM Cloud from within a Personal Space:
|
Add-on Enabled
This setting toggles the ability for Space Admins to access CSUM Cloud within a Space. When this setting is Off, the following appears when attempting to access CSUM Cloud from the Space Settings integration:
|
Deactivated Add-on message
This setting alters the message displayed to Space Admins when attempting to access the app from within the Space settings integration.