wiki:acl
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
wiki:acl [2007/08/24 09:33] – jas | wiki:acl [2007/08/24 09:51] (current) – jas | ||
---|---|---|---|
Line 73: | Line 73: | ||
When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he is in. The rule which gives the highest permission is used. Permissions are checked for the page first, then all upper namespaces are checked until a matching rule is found. | When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he is in. The rule which gives the highest permission is used. Permissions are checked for the page first, then all upper namespaces are checked until a matching rule is found. | ||
- | ACLs can be added in two ways. DokuWiki comes with the '' | + | ACLs can be added in two ways. DokuWiki comes with the '' |
- | To add a restriction rule, enter the administration interface by pressing the '' | + | To add a restriction rule, enter the administration interface by pressing the '' |
{{wiki: | {{wiki: | ||
- | Restrictions are added in the top row of the table. You need to select the scope, which can be either the current page itself, or one of the namespaces it is in ((the top-most namespace is called '' | + | Under '' |
- | Note: The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload | + | After you have selected a namespace, under '' |
+ | If you wish to add an ACL entry to the selected namespace, go to the '' | ||
- | ^ Name ^ Level ^ applies to ^ Permission | + | Please note the following: |
- | | none | + | |
- | | read | + | |
- | | edit | + | |
- | | create | 4 | namespaces | + | |
- | | upload | 8 | namespaces | + | |
- | | delete | 16 | namespaces | + | |
- | | admin | 255 | admin plugins | + | |
- | Here is an example: | + | * The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore. |
- | < | + | |
- | * @ALL 4 | + | |
- | * bigboss | + | |
- | start | + | |
- | marketing:* @marketing | + | |
- | devel:* @ALL 0 | + | |
- | devel:* @devel | + | |
- | devel: | + | |
- | devel: | + | |
- | devel: | + | |
- | devel: | + | |
- | </file> | + | |
- | Lets go through it line by line (though see below for more): | + | * The admin of the site has access to everything on the site, no matter what the ACL says. |
- | + | ||
- | - This sets permission for the main namespace. Allowing everybody to edit and create pages. However upload is not allowed. | + | |
- | - User //bigboss// is given full rights | + | |
- | - The permissions for the start page are restricted to readonly for everyone | + | |
- | - Then the permissions for the namespace '' | + | |
- | - Now the access | + | |
- | - Well not nobody really -- we give members of the //devel// group full rights here | + | |
- | - And of course //bigboss// is allowed, too -- and he's the only who can delete uploaded files | + | |
- | - However the devel guys don't want their boss to see the '' | + | |
- | - And the // | + | |
- | - And finally the // | + | |
- | + | ||
- | Please note that **order does not matter** in the ACL. The ACL is parsed as whole, then a perfect match for the current page/user combo is searched for. When a match is found, further matching is aborted. If no match is found, group permissions for the current page are checked. If no match is found the check continues in the next higher namespace. | + | |
- | + | ||
- | You can see this in the above example | + | |
- | + | ||
- | Note: To configure users or groups with special chars (like whitespaces) you need to URL escape them. This only applies to specialchars in the lower 128 byte range. The ACL file uses UTF-8 encoding so any multibytechars can be written as is. This only applies when a backend different from the [[.auth: | + | |
- | + | ||
- | The DokuWiki manual describes the ACL system. | + | |
- | DokuWiki has been configured to | + | |
- | In order to allow/ | + | |
- | DokuWiki has | + | |
- | * authentication of CSE users | + | |
- | * built-in " | + | |
- | * " | + | |
- | * groups can contain CSE users, system groups, or distribution lists | + | |
- | * include: | + | |
- | * include: | + | |
- | * include: | + | |
- | + | ||
- | + | ||
- | + | ||
- | By default, any user in the world has the ability to view all the content in your Wiki. Administrators have access to edit content. | + | |
- | + | ||
- | If you need to restrict content on your site, you will be able to restrict content to groups that you create. | + | |
- | + | ||
- | ALL cse users are automatically registered with your Wiki and have the ability to login. | + | |
+ | * By default, nobody has access to the '' | ||
+ | |
wiki/acl.1187962410.txt.gz · Last modified: 2007/08/24 09:33 (external edit)