Expansion Configuration

Hard Cap (Max Users)#

The maximum total number of unique users that can be returned from a single expansion request across all groups combined.

Default: 2,000 | Maximum: 10,000

When the expansion reaches the cap, it stops and returns results so far with a truncated: true indicator. The UI shows a warning that results are truncated.

When to adjust: Increase if your security team needs to enumerate all users on pages with very large access lists. Decrease if API rate limits are being hit during expansion.

Page Size#

The number of users fetched per API call when expanding a group. Two options: 100 or 250.

Default: 100

A larger page size means fewer API calls and faster expansion, but each call takes longer. Smaller page size is gentler on rate limits but requires more calls.

Allow Large Group Expansion#

A toggle that controls whether groups with more than 500 members are included in expansion.

Default: Off (large groups are skipped)

When off, groups with 500+ members are skipped during expansion and marked as skipped: true with the reason “too large”. The UI shows which groups were skipped.

When on, all groups regardless of size are expanded, subject to the hard cap.

Warning: Enabling large group expansion with a high hard cap on a large Confluence instance can result in hundreds of API calls per expansion request. Monitor Confluence rate limit responses (HTTP 429) in Forge logs if you enable this.

Cache Settings (Reference)#

The access analysis system uses a two-tier TTL cache stored in the access-cache entity. These values are fixed in code and listed here for reference:

The cache can be manually invalidated from the dashboard Access Explorer tab using the “Refresh” button when viewing a specific page.