Features and Limitations - Lockpoint Cloud
Overview
Lockpoint Cloud provides system-wide functionality for locking and unlocking attachments, as described in Overview. Several important limitations and concerns apply to the Cloud version of Lockpoint.
If you are coming from the Server or Data Center version of Lockpoint, please see also: Feature Parity with Lockpoint Server/Data Center.
Certain App Cloud Permissions Required
When Lockpoint Cloud is installed on your Confluence Cloud site, Atlassian will automatically provision a "Cenote Lockpoint" app-based user on your site. This user does not count against licensing quotas, but this user is required for Lockpoint to operate.
Atlassian will automatically grant a certain set of permissions to the Cenote Lockpoint user. For correct operation, these permissions must not be changed.
Certain Space Permissions Required
Atlassian will, by default, add the Cenote Lockpoint user to the space-level permissions for all spaces on your site.
If the Cenote Lockpoint user is completely removed from a space, or if the Cenote Lockpoint user permissions are modified within the space, Lockpoint Cloud will not function properly within that space. In this scenario, users will be unable to lock or unlock documents within the space, and Lockpoint will be unable to detect or revert inadvertent attachment modifications.
Restricted Pages Require Additional Access
Due to the Confluence permission model, if a user applies page restrictions to a page, the Cenote Lockpoint user must also be added to the restrictions with "Can edit" permissions. If the Cenote Lockpoint user is not added to the restrictions, users will be unable to lock or unlock documents on the page, and Lockpoint will be unable to detect or revert inadvertent attachment modifications.
No In-Application Notification to Anonymous Users
Due to limitations of the Atlassian Cloud architecture, Lockpoint Cloud is unable to provide in-application notifications of blocked attachment uploads to anonymous users (users who are accessing the site without having logged in and who have no user account). In the case where an anonymous user uploads an attachment that is already locked by another user, the uploaded attachment will be reverted, but the anonymous user will not be notified by any in-app dialog.
Our experience is that Confluence Cloud sites are rarely made available to be accessed by anonymous users, and even when they are, anonymous users usually do not have permission to modify attachments.
Furthermore, organizations that use Lockpoint to protect attachment changes typically prefer to have named users making changes in the version history, rather than anonymous edits, so we judge this to be a minor issue.