CONTACT US
Role Based Access Control in Confluence CloudRole Based Access Control in Confluence Cloud

4

Dec

2025

Transitioning to Role-Based Access Control (RBAC) in Confluence Cloud: Key Changes and Migration Strategies

by Slava Kosciusko

Transitioning to RBAC in Confluence Cloud

Confluence’s new role based access control (RBAC) model is now in open beta, and it introduces a major shift in how organisations manage user access and user permissions across their Confluence instance. New Confluence sites already use a roles-only model, while existing sites using the legacy permissions matrix are being moved into roles transition mode.

For most organisations, this means it’s time to plan the move from the legacy permissions to a scalable, modern role based access control.

Below we summarise what’s changing, the benefits, and how GLiNTECH can support a clean, low-risk transition for Confluence admins, team leads, and governance owners.

What’s changing with RBAC?

Confluence Cloud is replacing its legacy permissions with a new granular access control system based on predefined and custom roles. Key changes include:

Four default roles

  • Admin, Manager, Collaborator, and Viewer
    Each role bundles the individual permissions you previously had to configure per individual user groups. This simplifies how you manage permissions at both space and instance level.

Up to 10 custom roles

Organisations can now assign custom roles (up to ten per site) to match different teams, project types, or space settings. These custom roles provide flexible options for custom access that reflect real-world responsibilities. (Atlassian Support)

Three space access modes

Across your Confluence instance, you will see:

  • Pre-roles: Legacy permission only
  • Roles transition: Legacy permissions + Roles side by side (existing spaces)
  • Roles only: Roles fully replace the legacy permission matrix

Certain operations - such as Cloud-to-Cloud data transfers, restoring app data, or importing a space - will automatically move your site into roles transition mode, shifting how access control is managed. (Atlassian Support)

Why move off the legacy permissions model?

Moving away from legacy user permissions isn’t just a technical change - it’s an opportunity to improve the security, scalability, and consistency of your entire access management model.

  • Simplicity of administration: Instead of making 14+ checkbox decisions for every Confluence user, administrators can now simply select a predefined or custom role.
  • Consistency at scale: Confluence roles make it easier to manage user access across many spaces, ensuring your organisation follows a predictable and consistent structure.
  • Safer delegation & increased control: RBAC introduces more granular access control, allowing team leads to safely assign roles without granting unnecessary privileges to other users. (Atlassian Support)
  • Future-proofing: New Confluence sites are now roles-only, and the legacy model will be fully replaced. Organisations that migrate early will avoid future disruption and benefit from a cleaner, more scalable system. (Atlassian Community)

GLiNTECH tooling: streamline the transition to roles

We’ve built a repeatable, auditable, low-risk pathway for implementing RBAC and migrating legacy configurations.

What’s in the toolkit

  • Permissions-to-role mapping template
    This helps your organisation define which global permissions, space permissions, and user classes map to each role - including any required custom roles.
  • Automation script for transitioning
    Our automated process executes your legacy-to-RBAC migration using Confluence REST API endpoints, ensuring roles are assigned accurately and consistently across your Confluence instance.

CloudTX: User Management, Governance & Security

Transitioning to role based access control is only one part of modernising your Atlassian access management framework. Many organisations also need to address broader user management, security, and governance requirements.

Our CloudTX solution provides an end-to-end architecture for:

  • Advanced authentication and identity policies
  • User provisioning and deprovisioning
  • Consistent roles and permissions structure
  • Managing both internal and external users
  • Meeting compliance, audit, and governance expectations

CloudTX ensures your organisation has a secure, scalable, and compliant foundation - far beyond just RBAC.

You can explore the full solution structure here: Atlassian Jira & Confluence Cloud Transformation Solution

Ready to move?

If you're preparing to migrate to RBAC or planning to implement RBAC across your Confluence instance, we can help.

Chat to us to schedule an RBAC readiness & rollout planning session, or register your interest in our broader CloudTX Security and Governance program.

CONTACT US