Allow Forge App access to restricted pages

Hi all,

I’m currently facing an issue with the permissions of the app user in a Confluence Forge app.
Is there any way to automatically allow the app user to access all pages, including restricted pages, so that I can use api.asApp() to call and retrieve data from any page?

Right now, it seems that if a page has restrictions and the app user is not explicitly granted access, my app is unable to fetch its content using the API.

I’d really appreciate any insights or recommended approaches to ensure consistent access.
Thanks in advance!

1 Like

Hi @LiaTran,

There is no existing workaround for this use case. This is intended behavior, i.e., users (in this case the app user) will only get the pages and blog posts they have permission to view.

Cheers,
Ian

Hi Ian,
Thank you very much for your reply!

Actually, I came across an interesting case with the Comala Document Management app. It seems like they’ve found a way to allow their app user to access restricted pages.
Here’s what I observed: I restricted a page so that only I can view and edit it. But when I reopened the Share settings dialog, somehow the Comala Document Management app still had edit permissions on that page — even though I didn’t explicitly grant it.

That got me wondering:

  • Are they using a special permission model?
  • Or perhaps they’re built as a Connect app, which can request the ADMIN scope — allowing broader access than Forge apps?

Do you have any insight into how this might be achieved? I’d love to know if there’s a way to implement something similar in Forge, or if this is currently only possible via Connect.

Thanks again!
Lia

Thanks for giving more context, @LiaTran; I initially thought you were looking for an override property for the REST APIs.

Unfortunately, I cannot speak on behalf of the creators of the Comala Document Management app on how they implemented it, as I have zero knowledge of it. However, one approach you can explore is granting the app user space access permission (check this API for example)—you can either grant the app user space permissions or maybe add the app user to a group that already has access. You can do this by adding a Global settings page to your app so the admin still has control, or you can try via the installed life cycle event (I have not personally tried this route). Once the app user has been granted the necessary view space (and page) access permission, it should have access to the restricted pages as well.

Let us know how it goes.

Cheers,
Ian

An addition to what @ianRagudo wrote: Content restrictions override space permissions, meaning that even if a user (or app user) is a space admin or an org admin, they cannot access restricted content unless they are explicitly included in the list of restrictions or have an admin key.

1 Like
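Added example, not part of the thread and not Atlassian's or any poster's code: since the app user only reads pages it is allowed to view, an app can report which pages `api.asApp()` cannot see instead of failing silently, so an admin can decide whether to add the app user to those restrictions. The `auditAppAccess` helper, the v2 page route in the comment, and the assumption that a denied read shows up as 403 or 404 are illustrative; the stub and page IDs are constructed.

```javascript
// Statuses treated as "app user cannot see this page".
// Assumption: a page hidden by restrictions and a page that does not
// exist both come back as 403 or 404, so the two cannot be told apart.
const NOT_VISIBLE = new Set([403, 404]);

function classifyStatus(status) {
  if (status >= 200 && status < 300) return 'readable';
  if (NOT_VISIBLE.has(status)) return 'not-visible';
  return 'error'; // e.g. 401, 429, 5xx: a fault, not a restriction
}

// fetchPage(pageId) must resolve to an object with a numeric `status`.
// In a Forge app this would be wired roughly as (assumed, not run here):
//   (id) => api.asApp().requestConfluence(route`/wiki/api/v2/pages/${id}`)
async function auditAppAccess(pageIds, fetchPage) {
  const report = { readable: [], 'not-visible': [], error: [] };
  for (const id of pageIds) {
    let bucket;
    try {
      const res = await fetchPage(id);
      bucket = classifyStatus(res.status);
    } catch (err) {
      bucket = 'error'; // network or platform failure
    }
    report[bucket].push(id);
  }
  return report;
}

// Constructed stub standing in for the Confluence API: page 101 is open,
// 102 and 103 are restricted without the app user, 104 hits a server error.
const SAMPLE_STATUS = { '101': 200, '102': 404, '103': 403, '104': 500 };
const stubFetch = async (id) => ({ status: SAMPLE_STATUS[id] });

auditAppAccess(Object.keys(SAMPLE_STATUS), stubFetch).then((report) => {
  console.log(report);
});
```

Pages in the `not-visible` bucket are the ones to show on an admin settings page; keep `error` separate so an outage is not mistaken for a restriction.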