wiki:acl
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
wiki:acl [2007/08/14 15:52] – external edit 127.0.0.1 | wiki:acl [2007/08/24 09:51] (current) – jas | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== Access Control ====== |
- | In order to understand how to control | + | Access Control is broken down into Authentication, |
- | The following groups come preconfigured with our DokuWiki installation: | + | ===== Authentication ===== |
+ | |||
+ | By default, all local Wikis have been setup to allow everyone with a CSE account to login. | ||
+ | |||
+ | ===== Authorization ===== | ||
+ | |||
+ | Authorization can be broken down into two areas -- groups and access control lists (ACLs). | ||
+ | |||
+ | ==== Groups ==== | ||
+ | |||
+ | DokuWiki users can be placed into groups. | ||
^Group^Description^ | ^Group^Description^ | ||
|cse|Any user who has a CSE system account is in the cse group.| | |cse|Any user who has a CSE system account is in the cse group.| | ||
- | |wiki|Any user that you create locally on your wiki is in the wiki group.| | + | |wiki|Any user that you create locally on your Wiki is in the wiki group.| |
- | |ALL|This group includes all users on your wiki - those in the cse group, wiki group, and even those who haven' | + | |ALL|This group includes all users on your Wiki - those in the cse group, wiki group, and even those who haven' |
+ | |user|This group contains all self-registered users on your Wiki.| | ||
+ | |||
+ | You can manually add users to groups through the User Manager in the Admin menu. You cannot remove users from the cse, wiki, or ALL groups. | ||
+ | |||
+ | Each group is represented by a Wiki page in the ": | ||
+ | |||
+ | There are two ways to add a user to a group. | ||
+ | |||
+ | To edit an existing group through the Wiki system, you can visit the group namespace through the Wiki " | ||
+ | |||
+ | https:// | ||
+ | |||
+ | When you visit the URL, and click the " | ||
+ | |||
+ | In addition to being able to modify group files manually, you can use some special syntax in order to allow you to include system groups (like ugrad or faculty), class distribution lists, other Wiki groups, or even combinations of all of the above. | ||
+ | |||
+ | === System Groups === | ||
+ | |||
+ | In order to manually add a system group to your group file: | ||
+ | |||
+ | include: | ||
+ | |||
+ | For example: | ||
+ | |||
+ | include: | ||
+ | |||
+ | === Class Distribution Lists === | ||
+ | |||
+ | In order to manually add a class distribution list to your group file: | ||
+ | |||
+ | include: | ||
+ | |||
+ | For example: | ||
+ | |||
+ | include: | ||
+ | |||
+ | === Other Wiki Groups === | ||
+ | |||
+ | You can manually add other Wiki groups to your group file: | ||
+ | |||
+ | include: | ||
+ | |||
+ | For example: | ||
+ | |||
+ | include: | ||
+ | |||
+ | ==== Access Control Lists ==== | ||
+ | |||
+ | In general, most Wikis are very open by default. | ||
+ | |||
+ | Access restrictions can be bound to pages and namespaces. There are five permissions: | ||
+ | |||
+ | When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he is in. The rule which gives the highest permission is used. Permissions are checked for the page first, then all upper namespaces are checked until a matching rule is found. | ||
+ | |||
+ | ACLs can be added in two ways. DokuWiki comes with the '' | ||
+ | |||
+ | To add a restriction rule, enter the administration interface by pressing the '' | ||
+ | |||
+ | {{wiki: | ||
+ | |||
+ | Under '' | ||
+ | |||
+ | After you have selected a namespace, under '' | ||
- | By default, any user in the world has the ability | + | If you wish to add an ACL entry to the selected namespace, go to the '' |
- | If you need to restrict content on your site, you will be able to restrict content to groups that you create. | + | Please note the following: |
- | ALL cse users are automatically registered with your Wiki and have the ability to login. What they will see when they login differs based on how you setup the Access Control List. | + | * The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore. |
- | ===== Adding Custom Groups ===== | + | * **order does not matter** in the ACL. The ACL is parsed as whole, then a perfect match for the current page/user combo is searched for. When a match is found, further matching is aborted. If no match is found, group permissions for the current page are checked. If no match is found the check continues in the next higher namespace. |
- | ===== Access Control Lists ===== | + | * The admin of the site has access to everything on the site, no matter what the ACL says. |
- | DokuWiki | + | * By default, nobody |
- | In order to allow/ | + | |
- | DokuWiki has | + | |
- | * authentication of CSE users | + | |
- | * built-in " | + | |
- | * " | + | |
- | | + | |
- | | + | |
- | | + | |
- | * include: | + |
wiki/acl.1187121158.txt.gz · Last modified: 2007/08/16 12:37 (external edit)