adding better search to global permissions in confluence

[flowxyz1]

Hi Team of Kablamo!

We are now using your App"BetterInstantSearch" and really happy about this!

In order to use the app properly, we would like to add it to the global permissions on Confluence so that any new space is also automatically included in the search. Unfortunately, we are currently having problems with this. Could you please check this?

Thank you!

Kind regards,

Sandra

[boyter]

Hi @flowxyz1 BetterInstantSearch (BIS) should pick up anything it can access within 30 mins or so (depending on when it last checked).

That said there has been issues were permissions are not applied and as such BIS is unable access the page. This is one of those ones we have to check on a case by case basis.

From your description is a new space that you have setup that is not being indexed? Is that every page within it? Do pages created in other spaces work as you would expect?

[flowxyz1]

Hi @boyter ,

as soon as we manually add the BIS to a Space, all pages will be displayed in the search. However, if we do not do that and create a new Space, none of the pages will be displayed in the search. Since we create a lot of Spaces, this process should be automated and we should be sure that all pages are searched. Is this possible? What is the further procedure then?

[boyter]

@flowxyz1 So when you say you add BIS to a space what do you actually mean? Do you mean you are doing this through permissions?

[flowxyz1]

@boyter yes, exactly. Otherwise the space won't appear in the BIS. How should it work normally?

[boyter]

@flowxyz1 So you are explicitly setting permissions. Could you possibly share how you are doing this?

Your usage is not unusual. Thats how a lot of companies split things apart in order to deal with with permissions like this. So they add explicit deny to everything, then add back in only what they want to appear on the search. I don't think there is any way to automate this, and if there is it might be a bad idea since it would mean BIS has permissions to literally everything.

[flowxyz1]

@boyter We actually want EVERY Space with all pages that is created to be automatically displayed in BIS. Unfortunately, this does not happen at the moment. In order for a Space to be displayed in the BIS, we have to manually add the app to the permissions of the Space, as shown in the photo. (see photo) And this procedure is inappropriate for us. We have more than 200 spaces that should appear in the search, but they don't appear in the BIS. Only when adding the app manually to the space permissions.

We could add other apps to global permissions in Confluence settings. So every time we create a Space, the app is added automatically. But with BIS this does not work. (see photo 2)

The way I understand it from your previous post, it is possible that all Spaces will be displayed automatically in the search. And that's what we need, without manual effort.

We want:

1. Create Space manually
2. Space should appear in the BIS automatically

How does it work? I hope, you understand what I mean with this :)

(Unfortunately the language on the pictures, is in German, hope this is not a problem! And we used Confluence Cloud.)

Photo 1:

Photo 2:

[boyter]

@flowxyz1 Right on the same page with you now. I don't believe that is possible unless you change how your permissions work inside your confluence. You need to either set it so new spaces are available globally, or give BIS access to every space.

Confluence permissions are not an area I know very much about sorry to say. But I believe the above to be the correct way to deal with this. This would solve you from having to add them each time as a higher level permission would apply picking them up.

Does this make sense?

[flowxyz1]

@boyter yes it makes totally sense. But the problem is, that I can't find the BIS and can't add it to the global permissions as you see on the picture. Is this even possible with BIS?

[boyter]

@flowxyz1 As in you cannot see where to add it in the permissions?

This is my biggest bugbear with Atlassian permissions currently. I have no idea how to set permissions on a per application basis. Its something I wish they would add. I would suggest contacting them since they might have an idea on how the permissions are inherited. My assumption so far has been they take the base permissions of the instance IE as the root defaults with no roles, but I might be wrong on that.

[flowxyz1]

Hi @boyter I recently reached out to Atlassian about this. The assumption that the problem is about the permissions is wrong. The Support has tried to use the BIS in their own system as described in the app documentation. This worked fine and no permissions had to be changed. Then they tried it in our system in the same way and it doesn't worked. So now I am contacting you gain. What else do you think this could be due to?

[boyter]

@flowxyz1 Off the top of my head nothing. But we have the same issue with out own Confluence, where we setup global permissions which deny everything, and then add people into groups.

This causes applications such as BIS to not be able to work properly on our own confluence. That's the main reason for thinking the permission issue as described.

Would you be comfortable perhaps attaching a special instance of BIS? You would need to install it through developer mode, and I would be able to attach processes to it allowing me to see what BIS is actually able to index. I would of course only see the page names (I would explicitly not see content through this process).

[flowxyz1]

@boyter yes i will install it through the developer mode. I will inform you when it's done :)

[flowxyz1]

Hi @boyter , I asked the Confluence support and they told me that: "In confluence, we don’t really have any option to install an app with developer mode via the marketplace." What did you mean exactly with that? Do you have a documentation how to do it?

[boyter]

@flowxyz1

Sorry I should have been more explicit. For all atlassian apps you can enable developer mode and install things. This is how you perform development work against it.

What I am proposing, is that I setup a small application based on BIS, that just walks every page it can in your application and returns any errors. This would allow us to see if every page is being found, or if something else is going wrong.

It requires me to do some work, giving you a special URL you can then paste into your application similar to the attached screenshot.

If you are comfortable with this, I will get the application setup, and then you can run it, and I can report back the results here. I will set it up now. I will ensure its only walking pages and I never see them. I am not interested in the content, only the ability to get at it. The test will not slow down your confluence instance in any way or impact it at all.

[flowxyz1]

hi @boyter , thanks for the explanation! :) It's fine for us. Please send me the URL so that I can Upload your app. Regards, Sandra

[flowxyz1]

Hi @boyter , could you please give me an update? Thanks and regards,

Sandra

[boyter]

@flowxyz1 My apologies. I am still in the process of this. I should have it for you next week so we can try the test.

[flowxyz1]

Hi @boyter thanks for the update! :) Regards, Sandra

[boyter]

@flowxyz1 100% will have this ready for you come Monday. Just need to sort out a safe server to run it on.

[flowxyz1]

Hi @boyter , thank you! Could you give me a short update? Regards, Sandra

[boyter]

@flowxyz1 My apologies, I will ensure this is done for you in the next 24 hours.

[boyter]

@flowxyz1 If you follow the screenshot mentioned about where you turn on developer mode and then upload the app using this URL https://e418-149-28-166-166.au.ngrok.io/atlassian/v1/connect/ it should then give us the information we need. Note it will also add a new application, which will show you the title and some other details of every page it was able to walk over.

This should only take a few minutes to populate, and you can view that newly added page to know when its done. I am capturing the logs on my side to see whats going on as well.

[flowxyz1]

Hi @boyter , thanks for the URL and the application. I installed the app on our instance and got a list of the pages located in the spaces that are already searchable with the BIS. How can we add the other pages?

[boyter]

So that list shows what the application can see. This could be down to permissions that the application has or otherwise.

Is it pages from a specific location (or multiple) or something else thats missing here?

Actually are the pages pages? Or blogposts? Or some other type?

[flowxyz1]

Hi @boyter , The list shows only pages from external spaces that everyone can see. No blogs or somethingelse. This spaces were searchable since the beginning. Then I added the BIS to some other spaces into the permissions and I could search for them. These spaces are not shown in the list. So it means: The spaces where we set the permissions so that everyone (intern & extern) can see them are searchable. The other spaces where the spaces can be seen only as an intern are not searchable as long as we add the BIS to the permissions. We have to much spaces to add the BIS to every space. This is a huge problem and should be fixed as soon as possible, so that our intern workers can search for their content. How should we proceed now?

[boyter]

@flowxyz1 I don't know if there is anything that can be done on our side to resolve this. This is an intentional security policy enforced by Atlassian to ensure that 3rd party applications can only read what you want them to deal with.

The last thing I can think of at this point is to setup a smaller instance (we can use one I have if you like) and configure it to replicate the issue and then we can investigate ways around it.