Analysis Features

Space-Level Analysis

You can analyze an entire space without selecting a specific page. This shows the aggregate access configuration for the space itself: the permissions that all pages in the space inherit by default.

  1. Select a space from the Space dropdown
  2. Click Analyze Space (without selecting a page)
  3. The Space Permissions Summary card appears showing:
    • Anonymous access status (YES / No with colored lozenges)
    • Users with direct space-level access
    • Apps and plugin accounts with space access
    • Groups with space access (name, member count, operations: Read / Write / Delete / Admin)
    • Broad groups (groups with 100+ members)
    • External users

Verdict banner: A one-line summary beneath the title shows: N users (direct) · N groups · [broad lozenge] · [external lozenge]

When to use space-level analysis: When investigating why many pages in a space appear overexposed, or when establishing a baseline before applying classification labels or permission changes to the space.

Note: Space-level analysis does not show page-level restrictions. Individual pages may be more restrictive than the space default.


App Account Filtering

When Confluence spaces have Atlassian Forge apps, marketplace apps, or bot integrations installed, those service accounts appear in the permission lists. Aegis automatically identifies and separates them.

  • In the access analysis, a dedicated “Apps / Plugins” summary card shows only accounts with accountType: 'app'
  • Human user cards (Users with Access, Expanded Individual Users) filter out app accounts
  • The View Individual Users expansion only returns human users

This prevents bot/service accounts from inflating user counts and cluttering the individual user list.


Remediation Suggestions Panel

Below the score breakdown, the Recommended Actions panel appears when the exposure score is above Low risk. It provides a prioritized list of remediation steps.

Each recommendation card shows:

  • Priority number (#1 being the highest-impact action)
  • Title: Short name of the action
  • Confidence lozenge: How confident the system is that this action will reduce risk
  • Impact summary: Expected score reduction if the action is taken
  • Description: Plain-English explanation
  • Steps: Numbered action steps with links to Confluence Settings where applicable

Recommendations are ordered by the ratio of expected score reduction to implementation effort. Addressing item #1 typically provides the largest risk reduction per unit of effort.


Effective Users Estimate

The “View Individual Users” button (Analyst+ only) expands all group memberships to enumerate actual human users with access. This is a two-step process to prevent accidental large expansions:

Step 1. Estimate:

  1. Click View Individual Users
  2. A confirmation dialog appears showing:
    • Estimated total users across N group(s)
    • Hard cap limit (default: 2,000 users)
    • A “Continue?” prompt

Step 2. Expand:

  3. Click Expand Users to proceed
  4. Results appear grouped by source (direct permission / group membership)
  5. App accounts are filtered out automatically
  6. If the hard cap is reached, a banner shows “Showing 2,000 of ~N users (cap reached)”
  7. Groups larger than 500 members are skipped by default (configurable in Admin > Access Explorer); skipped groups are listed in a warning banner

Pagination: If more results are available beyond the initial page, a Load More button appears at the bottom of the list.

Note: The effective user count is an estimate because:

  • Group membership data is cached for up to 24 hours
  • Nested groups are not resolved (Confluence’s API only exposes flat groups)
  • Groups larger than 500 members may be skipped
  • Confluence site admins always have access regardless of listed permissions
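
The two-step estimate and expansion described above, as an added sketch that is not the app's own code. The data shapes, the function names and the 'atlassian' value used for human accounts in the sample data are assumptions; the 2,000 cap, the 500-member threshold and the accountType 'app' filter come from the text.

```javascript
// Added illustration: data shapes and function names are assumptions, not the app's code.
const HARD_CAP = 2000;       // default hard cap stated in the text
const MAX_GROUP_SIZE = 500;  // default skip threshold stated in the text
const isHuman = (account) => account.accountType !== 'app';

// Step 1: estimate from member counts alone, before any membership is fetched.
function estimateUsers(directUsers, groups, maxGroupSize = MAX_GROUP_SIZE) {
  const counted = groups.filter((g) => g.memberCount <= maxGroupSize);
  const estimate = directUsers.filter(isHuman).length +
    counted.reduce((sum, g) => sum + g.memberCount, 0);
  return { estimate, groupCount: groups.length };
}

// Step 2: expand flat memberships, de-duplicate by accountId, stop at the cap.
function expandUsers(directUsers, groups, opts = {}) {
  const { hardCap = HARD_CAP, maxGroupSize = MAX_GROUP_SIZE } = opts;
  const seen = new Map(); // accountId -> { accountId, sources }
  const skippedGroups = [];
  let capReached = false;
  const add = (account, source) => {
    if (!isHuman(account)) return;                      // app accounts are never listed
    const known = seen.get(account.accountId);
    if (known) { known.sources.push(source); return; }  // same person, second path
    if (seen.size >= hardCap) { capReached = true; return; }
    seen.set(account.accountId, { accountId: account.accountId, sources: [source] });
  };
  directUsers.forEach((u) => add(u, 'direct permission'));
  for (const g of groups) {
    if (g.memberCount > maxGroupSize) { skippedGroups.push(g.name); continue; }
    g.members.forEach((m) => add(m, `group membership: ${g.name}`));
  }
  return { users: [...seen.values()], capReached, skippedGroups };
}

// Constructed sample data ('atlassian' marks a human account here).
const direct = [
  { accountId: 'u1', accountType: 'atlassian' },
  { accountId: 'bot1', accountType: 'app' },
];
const groups = [
  { name: 'eng', memberCount: 3, members: [
    { accountId: 'u1', accountType: 'atlassian' },
    { accountId: 'u2', accountType: 'atlassian' },
    { accountId: 'bot2', accountType: 'app' } ] },
  { name: 'all-staff', memberCount: 1200, members: [] },
];
```

On the sample data the estimate is 4 while expansion yields 2 users, because member counts include app accounts and people already counted through another path.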

Explain Access for User

After running an analysis, the Explain Access for User section appears below the access summary. This feature provides a plain-English explanation of exactly why a specific user can or cannot access the analyzed page or space.

How to use it:

  1. In the user dropdown, the app pre-populates options from all users resolved during the analysis (only human accounts)
  2. Select a user from the dropdown (searchable)
  3. Click Explain
  4. A result box appears showing:
    • A verdict: “CAN access this page” (green) or “CANNOT access this page” (red)
    • The permission chain: each step in the access decision is shown as a labeled lozenge + description (e.g., “Space Permission · User is a direct space member with Read access”)
    • Any caveats that limit the completeness of the explanation

Explanation chain example:

[Space Permission - GRANTED] User is a direct member of the space with Read permission
[Page Restrictions - GRANTED] No page-level restrictions; page inherits space access
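
One way such a chain could be built, as an added sketch that is not the app's own code. The object shapes, field names and the DENIED label are assumptions; the step labels, verdict strings and caveats follow the text.

```javascript
// Added illustration: object shapes, field names and the DENIED label are assumptions.
const step = (label, granted, detail) =>
  ({ label, result: granted ? 'GRANTED' : 'DENIED', detail });

function explainAccess(user, space, page) {
  const chain = [];
  const caveats = [];
  const viaGroup = (names) => names.find((n) => user.groups.includes(n));
  const finish = (canAccess) => {
    if (!canAccess) {
      // A negative verdict is only as complete as the flat group data behind it.
      caveats.push('Nested groups are not resolved; access through a group-within-a-group is not detected');
      caveats.push('Confluence site admins have access regardless of listed permissions');
    }
    return { verdict: canAccess ? 'CAN access this page' : 'CANNOT access this page', chain, caveats };
  };

  // Step 1: space permission, held directly or through a flat group.
  const spaceGroup = viaGroup(space.readGroups);
  if (space.readUsers.includes(user.accountId)) {
    chain.push(step('Space Permission', true, 'User is a direct member of the space with Read permission'));
  } else if (spaceGroup) {
    chain.push(step('Space Permission', true, `User has Read permission through group ${spaceGroup}`));
  } else {
    chain.push(step('Space Permission', false, 'No direct or group-based Read permission on the space'));
    return finish(false);
  }

  // Step 2: page restrictions can only narrow what the space grants.
  const r = page.readRestrictions; // null means the page is unrestricted
  if (!r) {
    chain.push(step('Page Restrictions', true, 'No page-level restrictions; page inherits space access'));
    return finish(true);
  }
  const allowed = r.users.includes(user.accountId) || Boolean(viaGroup(r.groups));
  chain.push(step('Page Restrictions', allowed, allowed
    ? 'User is named in the page restriction, directly or through a group'
    : 'Page is restricted to users and groups that do not include this user'));
  return finish(allowed);
}

// Constructed sample data.
const space = { readUsers: ['u1'], readGroups: ['eng'] };
const openPage = { readRestrictions: null };
const lockedPage = { readRestrictions: { users: ['u9'], groups: ['security'] } };
const alice = { accountId: 'u1', groups: [] };
const bob = { accountId: 'u2', groups: ['eng'] };
```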

Content Classification in Access Explorer

Analysts and above can set or update the content classification label directly from the Access Explorer without navigating to Admin > Classifications.

The Classification section appears below the score breakdown. It shows the current label (if any) and its source:

  • “space default”: inherited from the space-level classification
  • “inherited from space”: page has no override, using space label
  • “page override”: this page has a page-specific label that differs from the space default

To classify:

  1. Select a level from the dropdown (Public / Internal / Confidential / Restricted)
  2. Click Classify (or Update if a label already exists)
  3. The score is immediately re-analyzed with the new label factored in

To remove a page-level override and return to the space default:

  1. Click Remove Override

Caveats

At the bottom of every analysis, a blue information banner lists known limitations of the current analysis:

  • Confluence site admins have access to all content regardless of restrictions and cannot be measured or excluded
  • Public share links: Confluence Cloud has no API to detect share links. Content shared via a link may be accessible beyond what the analysis shows.
  • IdP-synced groups (Azure AD, Okta) may have stale member counts in the Confluence API cache
  • Nested groups: Confluence’s API only returns flat group memberships. Users who are members of a group-within-a-group will not appear in the expanded user list.

These caveats are always shown when present, even if the score is Low. Understanding them is important for correctly interpreting the analysis.


Exposure Byline on Pages

On every Confluence page, the exposure byline (below the page title) shows a quick summary:

  • Score chip: A colored number (0–100) with the risk band color
  • Classification lozenge: If a label is set, shown next to the score
  • Findings count: If active findings exist for this page

Clicking the score chip navigates the user to the Access Explorer tab with the current page pre-selected and analysis running. The byline also shows a Re-analyze button (↻) to force a fresh score computation.

Note: The byline score is cached from the most recent analysis. The snapshotAt timestamp shows how old the cached score is. Use the ↻ button to force a fresh computation.