Skip to main content
Skip table of contents

Quick Start

The following is intended to be a quick start for those already familiar with data retention concepts and who are looking to deploy Content Retention Manager for Confluence.

We strongly recommend trying our app out first on a development, test, or staging tenant in order to familiarize yourself with it’s features and capabilities. This will help make sure the app conforms to your policies and expectations.

Review prerequisites

  1. A defined company policy on data retention or information governance. You’ll use this to define the policies, classifications, and rules within Content Retention Manager for Confluence.

  2. An active Confluence Cloud instance.

  3. A user account with Confluence Admin (Site-Admin) privileges.

Installation and first use

  1. Install Content Retention Manager for Confluence from Atlassian Marketplace into your instance.

  2. Once installation completes, select Confluence administration tools ( in the top right menu bar)

  3. On the left navigation menu, scroll down to Apps, and select Content Retention Manager for Confluence

Setting up your Retention Policies

Leave Automation turned off for now. We’ll enable that later.

Retention Policies are the primary dimension by which you can gain insights into and manage your content in Confluence. As an admin, you can define multiple Policies, assign a global default retention policy, and assign a different policy with Space, User, and Classification Level Retention Rules. Once your Retention Policies are in place you can scan and report on all content in Confluence. When you’re confident the policies are accurate, you can optionally enable automation to securely dispose of old content that is beyond it’s applicable policy.

  1. Select the Policies tab. This is where you will set your team's defined retention policy in days, and designate any granular entity-specific retention policies.

Feature

Definition

Default Retention

Where you select your site-wide retention policy. This will be your global default across all spaces.

Retention Rules

Where you can set custom retention policies for specific entities, such as spaces or users.

Tip: with a User rule, you can effect a discovery hold for content Created by or Modified by that User.

Policies

Where you create your custom content retention policies to be set against projects or your global default. The days you set will help the audit tool flag all content that is nearing the end of the retention period or has expired past the retention policy. When automation is enabled, Retention Manager will purge content from Confluence according to these policies.

  1. Create a custom policy in Policies if you don't see a preset policy that matches your desired retention schedule. Refer to the Adding a Policy step below. Each policy has a defined retention period and a warning period. The warning period happens at the set number of days before expiration to notify users and admins of the upcoming content removal. This will help your team keep an eye on content expiring before they expire and request content to be excepted against the policy. Extensions can be granted manually on the Content Audit tab.

  2. Be sure to click Save to apply your changes to the Policies settings. The changes will only take effect after they are saved.

image-20241113-191130.png

Policies tab in Content Retention Manager for Confluence

Adding a Policy

  1. Click the Add Policy button in the Policies section to create a new policy.

  2. In the Add Policy dialog, start by entering a unique identifier in the Code field to distinguish the policy being created. Next, provide a clear and descriptive name in the Name field. In the Description field, outline the purpose and scope of the policy to ensure its intent is easily understood.

  3. In the Trigger dropdown, select when the retention period should begin, such as when the content was last modified or created. Specify the duration for which the content should be retained in the Retention (days) field.

  4. Additionally, in the Warning (days) field, enter the number of days before the retention period ends to mark the content as ending retention status as a warning.

  5. Finally, select the appropriate Automation setting, choosing between applying the global automation settings (Default) or disabling automation for this policy (Disabled).

  6. Once all the fields are filled out, click Apply to add the policy.

image-20241113-191230.png

Example Policy Settings

Adding a Rule

  1. Click the Add Rule button in the Retention Rules section to create a new rule.

  2. In the Add Rule dialog, first select the entity type for which you want to create the rule. For example, if you select User as entity type, you can then search for the user by their names and select a user for the rule.

  3. In the Policy Definition dropdown, specify the retention policy for the selected user. This policy will override the default retention policy for contents created or last-modified by the user.

  4. Optionally, you can select a time frame to limit what contents the rule applies to. Toggle the Apply to a time frame switch and specify the start and end dates.

  5. Click Apply to add the user rule.

image-20241113-191324.png

Example User Retention Rule Settings

If you have defined Classification Levels (refer to Setting up your Classification Levels below), you can also select Classification level entity type and add a rule for a specific classification, as shown below.

Example Classification Level Retention Rule settings

You can also select Space entity type and add a rule for a specific space, as shown below.

image-20241113-191405.png

Example Space Retention Rule Settings

If content matches multiple Rules, the following override order will apply:

  1. User entity type Rules take precedence over all others, then

  2. Classification entity type Rules take precedence over Space Rules, then

  3. Space entity type Rules will take precedence

  4. If no Rules match, global default Retention will apply

When content matches multiple user-based rules, the rule for the user who last modified the content takes priority over the rule for the user who created it.

By following these steps, you can customize your retention policies to fit the specific needs of your team and organization. Remember, auditing your content first ensures that you can review and adjust these policies before any automated actions take place.

Setting up your Classification Levels

Classification provides another dimension to manage and categorize your content in Confluence. As an admin, you can define multiple Classification Levels, assign a global default Classification Level, and assign a default Classification Level to any space. As a user, you can specify a classification level to each piece of content to override the space and the global default classifications, as long as you have edit permission to that content.

  1. Select the Classification tab. This is where you will set a default classification level to apply to any content that is not specifically classified differently, and where you will set all Classification level definitions and the order of their sensitivity.

Feature

Definition

Default Classification

Where you select your site-wide classification level. This will be your global default across all spaces.

Classification Level

Where you create your custom classification levels to be set against pages and posts, spaces, and your global default. The order of the Rank indicates a sensitivity level, and Classifications will be presented in rank order to users when selecting a new level on a piece of content.

  1. Create a new Classification Level if you don’t see a preset level that matches your organization’s needs. Refer to the Adding a Classification Level section below. Each Classification Level has a name, a description, and a color for display along with a rank to help communicate the sensitivity of the level to a user.

  2. Be sure to click Save to apply your changes to the Classification settings. The changes will only take effect after they are saved.

image-20241210-201601.png

Classification tab in Content Retention Manager for Confluence

Adding a Classification Level

  1. Click the Add Classification Level button in the Classification section to create a new classification level.

  2. In the Add Classification Level dialog, start by entering a unique and descriptive name for the new level. In the Description field, outline the purpose and scope of the classification to ensure its intent is easily understood.

  3. Choose a Color to display alongside the classification to help convey its sensitivity when it is applied to content.

  4. Finally, choose a Rank for the classification level to help convey its sensitivity to your users. If you choose a Rank that is already in use by another classification level, they will then be displayed in order seen in the Classification tab. You can choose unique ranks for each level.

Example adding of a Classification Level

Adding a Classification Rule

  1. Click the Add Rule button in the Classification Rules section to create a new rule.

  2. In the Add Rule dialog, first select the entity type for which you want to create the rule. For example, if you select Space as entity type, you can then search for the spaces by their names and select a space for the rule.

  3. In the Classification Level dropdown, specify the classification level for the selected space. This policy will override the default classification for contents in the selected space.

  4. Click Apply to add the space rule.

image-20241210-201753.png

Adding a Classification Rule to a Space

Classification Level visibility and management

When a user views a page or blogpost, Content Retention Manager for Confluence will display the current effective Classification Level in a byline item alongside the metadata.

Classification_Level_visibility1.png

Example of a Classification Level display on a page

The byline clearly shows the current Classification Level, providing users with quick and easy access to classification details. Users with Edit permission to the content can update the Classification Level by:

  • Clicking the current Classification Level in the byline.

  • Selecting a new level from the dropdown menu.

  • Using the search field to quickly filter and locate the desired Classification Level by typing part or all of its name.

  • Once a new Classification Level is selected and the dialog is closed, the updated level is immediately reflected in the byline.

Classification_Level_visibility2.png

Example of a user selecting a new Classification Level

If Use Default is selected, the content-specific classification level override is removed and any applicable Classification Rules or the global default Classification Level will determine the effective Classification Level for the content.

Audit your content

Click on Content Audit tab. Here you will find the dashboard that allows you to comb through all content by status against the defined retention policy. You can use Filters to sort through content that is in the following statuses:

Retention Status

Definition

Visibility / Discovery

RETAINED

Content is in an active state and available. This means it hasn't expired per your policy or any extensions.

Accessible / Discoverable

EXTENDED

Content in which an admin has granted a specific retention policy that can either be shorter or longer than the company's global retention period.

Accessible / Discoverable

EVERGREEN

Content in which an admin has extended the retention policy indefinitely. This content will never expire or be automatically removed.

Accessible / Discoverable

ENDING

Content is nearing end of your retention period and you should determine if it needs to be granted an extension or if it's ok to be removed.

Accessible / Discoverable

ENDED

Content has expired against your defined retention policy. When a retention period of content ends, the content is first Deleted (recoverable) then Purged (irrecoverable) after a defined period of time in your Policies.

Deleted / Purged

image-20241113-191628.png

Example Content Audit View

Setting extensions

To extend the retention period for individual content, select one or more items and click Add Extension. You can also bulk edit multiple pieces of content to save time. There are two types of extensions:

  • Defined Extensions, which allows you to set an explicit retention date by content. This sets a specific date in the future you would like this content to conform to.

  • Indefinite “Evergreen” Extensions, which allows you to mark content such that it never expires against a retention policy.

Extensions are applied to individual content and take precedence over all policy settings, including retention rules.

image-20241113-191716.png

Example of extending to a specific date

Removing expired content

Only after you have audited your content and granted extensions to your retention policies, should you begin removal of any content that has expired against your company's defined retention period.

There are two methods for removal in Content Retention Manager for Confluence

  1. Manual - The admin can remove individual content or bulk remove all ad-hoc in the Content Audit tab. This is recommended for your first time using the content since it's likely you will have a very large amount of content at first to remove.

  2. Automation - On the Automation tab you can enable automated deletion and purging of content. This allows the app to routinely remove content from your instance based on it's retention status. As content expires against the retention policy, it is first deleted, then purged based on your settings.

    1. Automated Deletion - Allows the app to automatically delete content as it expires against the retention policy. When content is deleted, it is not longer visible or recoverable to standard users, but is recoverable to Site and Confluence Administrators. Content that is deleted but not purged is also considered “discoverable” in terms of regulations, laws, and investigations.

    2. Automated Purge - Automated purge allows the app to fully remove content from your system after a period of time. At this point the content is irrecoverable to anyone and is no longer considered “discoverable.”

Setting up automated content removal

Leave automation off until you have performed a manual audit of all content you wish to retain and purge

Once you enable automation any expired content will be purged as defined by the policies you set. Automated purging occurs based on the configured period after the retention period ends, following its last modification date, not from when it was deleted.

  1. Click the Automation tab. This is where you can enable automation.

  2. You can enable the toggle to automatically delete content, if desired.

  3. You can enable the toggle to automatically purge content, if desired.

  4. Set the number of days after the retention period you want the content purged (no longer discoverable).

  5. Click Save. At this point, automation will start deleting or purging any content based on your policies and the lifecycle of the content with Atlassian Confluence.

We recommend you have at least few days between delete and purge as a backstop so you can recover content that has been removed when it should have been retained if not flagged for extension ahead of time.

image-20241113-200230.png

Enabling Automation for deletion and purging (3 days later in this example)

Final steps and considerations

Remember, ongoing retention management is critical to conform to the array of laws and regulations, how you plan on enforcing is up to your team's operational plan. With Content Retention Manager for Confluence to can decide how much automation or manual process you would like. We recommend starting with manual auditing and removal for a period of time as you get familiar with the product. This will also make sure you don't accidentally remove something important.

Content status

Atlassian has multiple status levels to understand on how content exists. Discoverability for investigations and compliance is considered any time anyone (including an admin) can access or recover content.

Document status

Visibility (Accessible?)

Discoverable?

Current

Anyone Can View (limited to the content's visibility settings)

Yes (tick)

Archived

Visible to document owner, Users can archive and unarchive content

Yes (tick)

Deleted / Trashed

Not generally visible but recoverable by Space and Confluence Admins

Yes (tick)

Purged

No longer visible nor recoverable. Any trace of the content is removed.

No (error)

Discoverability and liability is critical to understand

Archiving and Deleting is not enough, so long as someone can recover a file, it's considered discoverable to most laws and regulations. So it's important that you actively maintain a policy that factors in what you want to be discoverable according to your Legal and HR teams.

Don't forget the Audit Log

The Audit log is a permanent record for you to provide for any investigation to know who and when may have set or updated a policy, defined an extension, deleted, or purged content. If the content is deleted or purged by automation it'll show up as such. The log only identifies content on a limited ID, it will not log the content itself.

image-20241113-200627.png

Example Audit Log in Content Retention Manager for Confluence

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close