Difference: TWikiAccessControl (43 vs. 44)

Revision 442017-08-09 - TWikiContributor

Line: 1 to 1
 

TWiki Access Control

Line: 83 to 83
 
  • Set GROUP = RobertCailliau, TimBernersLee
A member of the Super Admin Group has unrestricted access throughout the TWiki, so only trusted staff should be added to this group.
Added:
>
>
On a large TWiki installation having hundreds or thousands of webs, a single super admin group may not be able to take care of all of those webs. One way to deal with that is to have a super admin group for each web. AutonomousWebs shows how to.
 

Restricting Access

Line: 136 to 138
 For example, set this to restrict a topic to be viewable only by the MarketingExecGroup:
  • Set ALLOWTOPICVIEW = Main.MarketingExecGroup
Added:
>
>
You may want to allow or deny access to a topic in addition to the ALLOWEB* or DENYWEB* specifies. In that case having + as the first non-space character of ALLOWTOPIC* or DENYTOPIC* has that effect. For example, the following setting allows view by MarketingExecGroup in addition to the people ALLOWWEBVIEW allows.
  • Set ALLOWTOPICVIEW = + Main.MarketingExecGroup
 See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

ALERT! If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

Line: 219 to 225
 
    • everyone else will be DENIED
  1. If you got this far, access is PERMITTED

Changed:
<
<

Allowing web creation by user mapping manager

>
>

Allowing web creation/deletion/rename by user mapping manager

 
Changed:
<
<
There are cases where DENYROOTCHANGE, ALLOWROOTCHANGE, DENYWEBCHANGE, and ALLOWWEBCHANGE, and DENYWEBCHANGE are not capable enough to implement web creation permission you want. To cope with such cases, when a new web is created, the canCreateWeb($cUID, $web) method of the user mapping manager is called if the method exists.
>
>
There are cases where DENYROOTCHANGE, ALLOWROOTCHANGE, DENYWEBCHANGE, and ALLOWWEBCHANGE, and DENYWEBCHANGE are not capable enough to implement web creation and rename permissions you want. To cope with such cases, when a new web is created, the canCreateWeb($cUID, $web) method of the user mapping manager is called if it exists.
 If it returns true, TWiki goes ahead and create the web without checking access control variables.
Added:
>
>
Similarly, when a web is renamed (deletion is a form of rename), the canRenameWeb($cUID, $oldWeb, $newWeb) method of the user mapping manager is called if it exists.
 Please read AllowWebCreateByUserMappingManager for more details.

Forbid certain users to do certain actions by configuration

Line: 526 to 533
 
Changed:
<
<
Related Topics: AdminDocumentationCategory, TWikiUserAuthentication, AllowWebCreateByUserMappingManager, UserMasquerading, CustomUserGroupNotations, TWiki:TWiki.TWikiAccessControlSupplement
>
>
Related Topics: AdminDocumentationCategory, TWikiUserAuthentication, AllowWebCreateByUserMappingManager, AutonomousWebs, UserMasquerading, CustomUserGroupNotations, TWiki:TWiki.TWikiAccessControlSupplement
  -- Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiAccessControl.