The JavaScript files are typically added as Attachments to pages. Userscripts for Confluence checks that the file has the proper filename extension ".js" and that the file size is not larger than 1 mega byte. To ensure that the JavaScript file is not manipulated by unprivileged users, the app only provides only files that are accessible by | Static Document Link |
|---|
| document | Confluence Administrator |
|---|
| label | confluence administrators |
|---|
|
or | Static Document Link |
|---|
| document | Userscripts Administrator |
|---|
| label | userscripts administrators |
|---|
|
.Therefore the page is required to allow only members of these groups to access files in write mode. If no restrictions are set on page level, the app requires that the space is only accessible by members of these two groups. | Caution Box |
|---|
It is recommended to add JavaScript files only to dedicated spaces where only the mentioned groups have access to. As space admin go to the Permissions tab of Space Tools. 
In the recommended permission configuration for a userscripts repository space, we do not allow individual users. If you want to have individual users with access privileges, make sure that all individual users listed on this page are members of either | Static Document Link |
|---|
| document | Confluence Administrator |
|---|
| label | confluence administrators |
|---|
|
or | Static Document Link |
|---|
| document | Userscripts Administrator |
|---|
| label | userscripts administrators |
|---|
|
. Disallow Anonymous Access. | Expand |
|---|
| title | Alternative with users having read access ... |
|---|
| If non administrators need to have read access, this is also a valid configuration.  Image Modified
No user who is not a member of the administrators group is allowed to create, add or remove pages or add or remove attachments. Also no configuration of restrictions or space administration tasks are allowed. You may want to be more restrictive than the configuration shown above. From the Userscripts for Confluence point of view, users without administration privileges do not need access to the space. |
Alternatively you may also configure the proper access restrictions at page level. |
Note that the user services need to serve JavaScript files to users independent of their access privileges. Especially anonymous users may need to execute JavaScript code without access privileges to the attached JavaScript files. | 
