Create Confluence pages with the same permissions as the Slack channels they archive

[jcpsantiago]

Presently, when creating an archive from a private Slack channel the resulting page in the Confluence remote target will be public i.e. group/user permissions do not carry over from Slack to Confluence. A warning message is shown to users when adding the bot to a private channel.

Instead, what users want to is to create similarly private archives in Confluence.

Confluence has docs about setting permissions via the Cloud API (https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-content-restrictions/#api-wiki-rest-api-content-id-restriction-post) — needs further exploration.

There are a few challenges to achieve this:

• Cache invalidation: new users added to a private channel must/should be added to Confluence's permissions too.
• Mismatched identity between Slack and Confluence: it is possible that users have different emails in Slack and Confluence, which could make matching identities in both services complicated.
• Setting permissions is not available in free Confluence accounts

We must research the possibilities first here to ensure a seamless experience for users without surprises. Please add discussion as comments below.

Note: I originally received this request via email.

[jcpsantiago]

We need to detect if the Confluence tenant is on the free tier, because it's not possible to set permissions in unpaid accounts.

This also makes it harder to test, because at the moment we do not have a paid Confluence account. I asked here https://community.atlassian.com/t5/Confluence-questions/How-can-I-test-setting-permissions-on-pages-and-spaces-without-a/qaq-p/2563008#M287959 for advice on how to do this.

[practicalli-johnny]

I assume it would be simpler if the resulting confluence page access is via a predefined group in Confluence. This way individual accounts are not needed and it is the responsibility of the customer to manage their own access (which it should be).

Given a channel is archived by the bot When the channel is private Then the bot prompts the user for a Confluence group that controls access to the page

Confluence groups can be viewed via an API call, should it be beneficial (and technically possible to provide a selectable list or completion on group names

https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-group

[jcpsantiago]

I agree with you, and additionally it does not seem like we can grab a list of Confluence users from a tenant. This means we cannot get user IDs that match the Slack users in the group, nor set the permissions.

I think we can make the messaging around the dangers of archiving private channels even more explicit (at the moment we only inform users when the bot joins the channel).

AFAIK this is a feature we cannot implement directly via API calls, it will always need some user interaction (and a paid tier account):

• Either the user themselves go in Confluence and change permissions by hand
• or we ask which existing Confluence group should be used
• or create a new group, but I think this has the same issue because we can't get access to the account id

I'm closing the ticket for now, we can revisit this in the future if there are changes to the Confluence API, or if we get more requests from customers.