...
- Anyone with edit permissions on the page with ConfiForms Form macro is an administrator of this form. Users with "view" only permissions on the page with ConfiForms Form are normal users of the form (except in the cases when a user has system administrator for Confluence)
- You can restrict page edit permissions, but still have your users as form administrators. This is controlled through ConfiForms Form macro parameters
- You can set additional form administrators
- You can specify super users
- You can also enable access to form data even if user does not have permissions to access the page with ConfiForms Form
- By default, using REST API is not enabled for form non-admin users. This is controlled by enabling export via ConfiForms Form macro parameter
It is important to understand that Confluence requires a user to have EDIT permissions on the page to allow uploading attachments. For ConfiForms this means that you need to open the page to anyone if you want to accept file uploads in your form, which is really not good and does not feel safe. As users will become form administrators as well. Which is rarely wanted
ConfiForms has introduced a way to bypass this requirement and this could be controlled via the following parameter in ConfiForms Form Definition macro
Related:
Why do I see an extra button with + sign on my form and ownedBy field
...