Redaction Security
We take the security of your company's private information seriously. Below we detail how we ensure security for redacted content in conjunction with Confluence features.
Redact macro
We recommend that you restrict page editing to those users and groups permitted to view redacted content.
Failing that, users without permission to view/edit the redacted content may appear to be able to edit the macro's settings, however these changes will not be persisted..
Redacted content
When a Confluence user does not have access to see the content of a redaction, the content is replaced with an equal number of spaces mirroring the length of the redacted content. The spaces are highlighted black emulating a traditional redaction.
Page history
Page History is not visible to a user who can not view all Redact macros on a page.
We took this precaution in case people redact content on an existing, private, page and then change the view permissions to allow a broader audience to view. Obviously if the new viewers could go back and look at the history this would be problematic, hence we block this feature entirely to those users who do not have access.
View source
Confluence offers the ability to see the 'source' of a page. When using Redaction for Confluence, your secure information is not stored in the body of the Confluence page. When a user views the source of a page they will only see where a redaction is placed in the page, rather than its contents.
See screenshot below.
Comments
All comments (including inline comments) can contain Redact macro entries in the same way a Confluence Page can.
Blog posts
Blog posts can contain Redact macro entries in the same way a Confluence Page can.
Copying redact macros
If you copy a Redact macro within a page, after saving the page both Redact macros' content and permitted users and groups will be that of the copy closest to the bottom of the page. These changes may not be reflected in the original copy's parameters.
If you copy a Redact macro to another page or comment, the original copy's content and permitted users and groups will be updated to that of the new copy. These changes may not be reflected in the original copy's parameters.