EECS Technical Database

User Tools

Site Tools

You are here: Technical Database » Wiki Publishing » Access Control
Trace:
wiki:acl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
wiki:acl [2007/08/24 09:38] jaswiki:acl [2007/08/24 09:51] (current) jas
Line 73: Line 73:
 When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he is in. The rule which gives the highest permission is used. Permissions are checked for the page first, then all upper namespaces are checked until a matching rule is found. When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he is in. The rule which gives the highest permission is used. Permissions are checked for the page first, then all upper namespaces are checked until a matching rule is found.
  
-ACLs can be added in two ways.  DokuWiki comes with the ''Access Control List Management'' plugin which allows you to add restrictions to namespaces, and pages, but you must be on a page in the namespace that you wish to restrict in order to add restrictions to it.  Alternatively, our local DokuWiki installation has another plugin installed called "SuperACL" which lets you handle ACL restrictions for any page or namespace from one plugin, no matter where you are in the Wiki.  **SuperACL is the recommended plugin to use for Access Control List management. **  The rest of these instructions will focus on using the SuperACL plugin.+ACLs can be added in two ways.  DokuWiki comes with the ''Access Control List Management'' plugin which allows you to add restrictions to namespaces, and pages, but you must be on a page in the namespace that you wish to restrict in order to add restrictions to it.  Alternatively, our local DokuWiki installation has another plugin installed called "SuperACL" which lets you handle ACL restrictions for any page or namespace from one plugin, no matter where you are in the Wiki.  **SuperACL is the recommended plugin to use for Access Control List management. **  The rest of these instructions will focus on using the Super ACL plugin.
  
-To add a restriction rule, enter the administration interface by pressing the ''Admin'' button. There select //SuperACL View//. You're then presented with a table like the following, showing you all restrictions relevant to the current page.+To add a restriction rule, enter the administration interface by pressing the ''Admin'' button. Next, select //Super ACL View//. You are then presented with a table like the following, showing you all restrictions relevant to the current page.
  
 {{wiki:acladmin.jpg|Example of an ACL-Restriction}} {{wiki:acladmin.jpg|Example of an ACL-Restriction}}
  
-Restrictions are added in the top row of the table. You need to select the scope, which can be either the current page itself, or one of the namespaces it is in ((the top-most namespace is called ''*'')). You also need to choose who you want to give (or deny) access to; this can either be a group or a user. And finally, you need to select the actual permissions you want. Selecting none effectivly locks out the specified user or group from the page or namespace..+Under ''Select namespace to administrate'', select the namespace that you will be configuring.  The top-most namespace is called ''*''  
  
-Note: The delete permission affects media files onlyPages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore.+After you have selected a namespace, under ''Permissions for Namespace'', you will see all the permissions that have been defined for the select namespace Here, you can change the permissions or delete them.  If you change the permissions without clicking the ''Update'' button, the permissions will not be saved.  If you wish to delete permissions, click the ''Delete'' button on the line of the permissions that you wish to delete.
  
-Please note that **order does not matter** in the ACL. The ACL is parsed as wholethen a perfect match for the current page/user combo is searched forWhen a match is foundfurther matching is aborted. If no match is found, group permissions for the current page are checkedIf no match is found the check continues in the next higher namespace.+If you wish to add an ACL entry to the selected namespace, go to the ''Add new Entry'' field Select ''User'' or ''Group''enter the user/group in the field provided (eg''ALL''select the permissions, and click the ''Save'' button Selecting no permission effectively locks out the specified user or group from the page or namespace.
  
-Please also note that the admin of the site has access to everything on the site, no matter what the ACL says.+Please note the following:
  
 +  * The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore.
 +
 +  * **order does not matter** in the ACL. The ACL is parsed as whole, then a perfect match for the current page/user combo is searched for. When a match is found, further matching is aborted. If no match is found, group permissions for the current page are checked. If no match is found the check continues in the next higher namespace.
 +
 +  * The admin of the site has access to everything on the site, no matter what the ACL says.
 +
 +  * By default, nobody has access to the ''group'' namespace (except admins).  **For security reasons, please be careful to ensure that you do not remove this restriction.**
 +  
wiki/acl.1187962695.txt.gz · Last modified: 2007/08/24 09:38 by jas