Confluence V1 Connector Configuration Reference
Retrieve data from the Atlassian Confluence Wiki CMS. You can configure this datasource to crawl pages, spaces, blog posts, comments, and attachments.
The Fusion Confluence connector supports Confluence Server versions 5.5 and later and Confluence Cloud.
Confluence Connector’s security trimming
Why do some field names have different numbers?
After crawling some test Confluence content, the Solr index has ACL fields such as acl_users_0_s and acl_groups_0_ss, but the field names can have different numbers. For example, some documents have acl_users_1_s or acl_users_6_s.
This is due to the strange way that Confluence handles user and group viewing permissions. Each of these fields represents one ancestor level of the item's security. If a user does not match EACH level of permissions, the user cannot see the document and the document is filtered out.
You will see three fields that are used during security trimming:
- ancestorCount_i stores the number of ancestors this item has
- acl_users_i_s stores the users allowed to see this item at ancestor number i
- acl_groups_i_s stores the groups allowed to see this item at ancestor number i
Users/groups that want to see a document in Confluence are processed ancestor-by-ancestor linearly.
During security trimming, you will give the filter a queryUser and we return the Confluence documents this user can access.
The Confluence security trimming algorithm does the following:
- Calculate the maximum ancestorCount_i of all documents in the index (max(ancestorCount_i)).
- Query Confluence for the Confluence Security Groups that queryUser is part of.
- Then, for i from [0 to max(ancestorCount_i)], append an AND clause for the security filter to match against each ancestor level for the acl_users_i_s and acl_groups_i_s fields:
(acl_users_i_s:_lw_confluence_anonymous_ OR acl_users_i_s:queryUser OR acl_group_i_s:group1 OR acl_group_i_s:group2 ... )
For example:
queryUser = ndipiazza
groupsUserIsIn = EngGroup, NorthAmericaGroup
max(ancestorCount_i) = 3
Then the filter would be:
(acl_users_0_s:lw_confluence_anonymous OR acl_users_0_s:ndipiazza OR acl_group_0_s:EngGroup OR acl_group_0_s:NorthAmericaGroup)
AND (acl_users_1_s:lw_confluence_anonymous OR acl_users_1_s:ndipiazza OR acl_group_1_s:EngGroup OR acl_group_1_s:NorthAmericaGroup)
AND (acl_users_2_s:lw_confluence_anonymous OR acl_users_2_s:ndipiazza OR acl_group_2_s:EngGroup OR acl_group_2_s:NorthAmericaGroup)
As you see, because these are AND’d together, if the user does not match EACH level of permissions, the user cannot see the document and the doc will be filtered out.
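The filter construction described above, as an added Python example (not the connector's own code). It uses the field spellings and anonymous token from the worked filter, and follows that example in emitting levels 0 to max - 1. The function names, the escaping helper, and the sample documents are assumptions made for illustration.

```python
import re

ANONYMOUS = "lw_confluence_anonymous"  # token as written in the page's worked example

# Characters with meaning in Solr's standard query parser. Escaping them is an
# added precaution so a user or group name cannot change the filter's structure.
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|\s])')

def esc(term):
    return _SPECIAL.sub(r"\\\1", term)

def level_clause(i, user, groups):
    terms = [f"acl_users_{i}_s:{ANONYMOUS}", f"acl_users_{i}_s:{esc(user)}"]
    terms += [f"acl_group_{i}_s:{esc(g)}" for g in groups]
    return "(" + " OR ".join(terms) + ")"

def build_filter(user, groups, max_ancestor_count):
    # Levels 0 .. max-1, as in the page's example where max = 3 gives levels 0, 1, 2.
    return " AND ".join(level_clause(i, user, groups)
                        for i in range(max_ancestor_count))

def is_visible(doc, user, groups, levels):
    """Apply the same AND-of-ORs logic to one document (field -> list of values)."""
    for i in range(levels):
        users = doc.get(f"acl_users_{i}_s", [])
        doc_groups = doc.get(f"acl_group_{i}_s", [])
        if not (ANONYMOUS in users or user in users or set(groups) & set(doc_groups)):
            return False  # one failing ancestor level hides the document
    return True

# Constructed sample documents; every ancestor level is populated.
DOCS = {
    "open-page": {f"acl_users_{i}_s": [ANONYMOUS] for i in range(3)},
    "eng-only": {"acl_users_0_s": [ANONYMOUS], "acl_group_1_s": ["EngGroup"],
                 "acl_users_2_s": ["ndipiazza"]},
    "blocked-at-1": {"acl_users_0_s": ["ndipiazza"], "acl_group_1_s": ["FinanceGroup"],
                     "acl_users_2_s": [ANONYMOUS]},
}

def visible_ids(user, groups, levels=3):
    return sorted(d for d, doc in DOCS.items() if is_visible(doc, user, groups, levels))

if __name__ == "__main__":
    print(build_filter("ndipiazza", ["EngGroup", "NorthAmericaGroup"], 3))
    print(visible_ids("ndipiazza", ["EngGroup", "NorthAmericaGroup"]))
```

The document "blocked-at-1" matches at levels 0 and 2 but is still hidden, because level 1 grants access only to a group the user is not in.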
Configuration
When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.