Update content restrictions with API v1

andrea · February 3, 2025, 8:50am

Hi, I’m trying to add users to the restrictions of a page (the page has no restrictions), impersonating with my user who has admin permissions and when using the endpoint Add user to content restriction I’m getting an error 400 (Bad Request) with the following message:

'com.atlassian.confluence.api.service.exceptions.BadRequestException: Provided ContentRestrictions evicts current user (you) from: [read]. Must include yourself in "user" sections for READ and/or UPDATE when restricting those operations. Must not provide restrictions which when applied result in current situation.'

I tried to add my user with write permissions and I get the same error (missing edit permissions). I did it with view permissions but the same happened (missing write permissions).
Is there any way I can send write and view permissions to avoid this error?

t-bundt · February 3, 2025, 10:29am

Can you share your request body? The format for the restrictions calls ist quite complex.

andrea · February 3, 2025, 3:22pm

I was sending this:
{ accountId: userId }

The funny thing is now I’m testing with this endpoint Update restrictions and it is giving me the same error. The body I’m sending is this one:

{
      results: [
        {
          operation: 'update',
          restrictions: {
            user: {
              results: users,
            },
          },
        },
      ],
    }

users is the array with the users I got from using the Get user endpoint.

I forgot to mention that the user I’m adding is mine.

DarrylLee1 · January 28, 2026, 5:20pm

Sorry, this is a necropost, but I recently ran into the same error message:

‘com.atlassian.confluence.api.service.exceptions.BadRequestException: Provided ContentRestrictions evicts current user (you) from: [read]. Must include yourself in “user” sections for READ and/or UPDATE when restricting those operations. Must not provide restrictions which when applied result in current situation.’

And man, the examples in the documentation suuuuuck.

So I cheated by looking at what ~~Appfire’s~~ Bob Swift’s CLI for Confluence did when the --verbose flag was set during while doing an addPermissions action, I figured it out.

Kind of like it says (which I also didn’t get), Atlassian needs you to include the admin userId along with the Ids of the users for whom you’re trying to grant access.

So, if my user Id is 12345, and the ones I’m trying to add are 23456 and 34567, the payload needs to look like this (note too that it doesn’t need the results container):

[
  {
    "restrictions": {
      "user": [
        {
          "accountId": "12345",
          "type": "known"
        },
        {
          "accountId": "23456",
          "type": "known"
        },
        {
          "accountId": "34567",
          "type": "known"
        }
      ]
    },
    "operation": "update"
  }
]

Operation could probably come before the restrictions, but that’s how Bob formats it, and that’s what worked for my Python script.

Sorry this is like, a year too late, but maybe it helps somebody else!