How to create a space with permissions?

The api docs say that during creation space permissions can be set

https://developer.atlassian.com/cloud/confluence/rest/api-group-space/#api-api-space-get

The following payload is send to the endpoint:

   key: 'PluginDev5e331e319029c30ca0bca36e4',
   name: 'PluginDev_5e331e319029c30ca0bca36e',
   permissions: [
      {
        subjects: {
          group: {
            results: [
              { type: 'group', name: 'administrators' },
              { type: 'group', name: 'confluence-users' }
            ],
            size: 2
          }
        },
        operation: { operation: 'administer', targetType: 'space' },
        anonymousAccess: false,
        unlicensedAccess: false
      },
      {
        subjects: {
          group: {
            results: [ { type: 'group', name: 'administrators' } ],
            size: 1
          }
        },
        operation: { operation: 'read', targetType: 'space' },
        anonymousAccess: false,
        unlicensedAccess: false
      }
    ]
  }

As expected I get a space object in return verifying that a space got created. And when reattempting the command I get the error that a space with the key already exists, but no matter if I supply a user or group to the permission payload no one is able to access/see the created space.

{
  id: 163480027,
  key: 'PluginDev5e331e319029c30ca0bca36e4',
  name: 'PluginDev_5e331e319029c30ca0bca36e',
  description: {
    plain: { value: '', representation: 'plain', embeddedContent: [] },
    _expandable: { view: '' }
  },
  type: 'global',
  permissions: [],
  status: 'current',
  _expandable: {
    settings: '/rest/api/space/PluginDev5e331e319029c30ca0bca36e4/settings',
    metadata: '',
    operations: '',
    lookAndFeel: '/rest/api/settings/lookandfeel?spaceKey=PluginDev5e331e319029c30ca0bca36e4',
    icon: '',
    theme: '/rest/api/space/PluginDev5e331e319029c30ca0bca36e4/theme',
    history: '',
    homepage: '/rest/api/content/163480029'
  },
  _links: {
    context: '/wiki',
    self: 'https://obital.atlassian.net/wiki/rest/api/space/PluginDev5e331e319029c30ca0bca36e4',
    collection: '/rest/api/space',
    webui: '/spaces/PluginDev5e331e319029c30ca0bca36e4',
    base: 'https://obital.atlassian.net/wiki'
  }
}

Hi @Kilian.B trying to understand what you’re doing here.

You are calling POST /wiki/rest/api/space with the payload in the first code block. The space is being created.

You run the command again? You’re running the same exact space creation command? This is where you lose me.

Is it only after running the command again you can’t access the space you created via the API?

2 Likes

Hello @rwhitbeck,

sorry for the late response. We were shut down for a few weeks.
Yes, after calling the first code block the space is being created, but without the specified permission. The created space is lost in the void since no one has access to it.

Running the same code a second time was just to prove that a space has in fact been created. It does not change anything on the outcome.

Updating the space permissions currently is not supported as seen here: [CONFCLOUD-44329] Ability to set space permissions via REST API - Create and track feature requests for Atlassian products.
The documentation clearly states that it should be possible to be set during creation. There exists a jira ticket which says that it is broken for some extended time now but it was closed with the reasoning that it wont realistically be fixed in the near future. I find this reaction bothersome since there is NO workaround available.
Creating the space with permissions was already my go to workaround since the update feature does not exist. (I stumbled upon the tickets weeks ago and can’t seem to find it anymore).

Additionally we have spent quite some development time on this just to find out weeks later that the documented feature does not work, at least please fix the documentation.

Hi @rwhitbeck - we have run into the same issue.

If we create a space via the REST API (https://developer.atlassian.com/cloud/confluence/rest/api-group-space/#api-api-space-post) as an admin user and specify permissions, the space is created as expected. However, if we create a space via the REST API as a non-admin user all specified permissions are ignored, and no default permissions are applied to the new space.

This results in a space that cannot be accessed, even by an administrative user. Furthermore, the new (experimental) API to add a permission to a space fails on the new space because the user who created the space does not have permission to add a new permission.

Additionally, the API returns success when the space is initially created, but this is not a successful operation.

3 Likes

I can confirm that spaces created as admin users are working as expected. Thank you @TimPesce.
Using the app user will still result in the issues mentioned beforehand.

2 Likes

Here is the corresponding bug report which got closed a while back: [CONFCLOUD-57682] Creating Space with Permissions Not Working (REST API) - Create and track feature requests for Atlassian products.

1 Like