Changes for page Access Rights
Last modified by Michael Hamann on 2024/11/28
From version 1.1
edited by Guillaume Lerouge
on 2009/02/24
on 2009/02/24
Change comment:
There is no comment for this version
To version 2.1
edited by Guillaume Lerouge
on 2009/02/24
on 2009/02/24
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -15,24 +15,101 @@ 15 15 ** ~~Default status: whether the right is allowed or denied when the checkbox is left blank~~ 16 16 *** ~~ALLOWED: this means that users CAN perform the given action if no other right is set~~ 17 17 *** ~~DENIED: this means that users CANNOT perform the given action if no other right is set~~ 18 +** ~~Priority order: which setting wins over another~~ 19 + 18 18 * *View:* whether users can see the page 19 19 ** Availability: this right is available at the page, space and wiki level 20 20 ** Default status: ALLOWED 23 +** Priority order: deny > allow > no setting 24 + 21 21 * *Comment:* whether users can add a comment to the page 22 22 ** Availability: this right is available at the page, space and wiki level 23 23 ** Default status: ALLOWED 28 +** Priority order: deny > allow > no setting 29 + 24 24 * *Edit:* whether users can edit and save modifications to the page 25 25 ** Availability: this right is available at the page, space and wiki level 26 26 ** Default status: ALLOWED 33 +** Priority order: deny > allow > no setting 34 + 27 27 * *Delete:* whether users can delete the page 28 28 ** Availability: this right is available at the page, space and wiki level 29 -** Default status: DENIED 37 +** Default status: DENIED (unless you're the document creator) 38 +** Priority order: deny > allow > no setting 39 + 30 30 * *Admin:* whether users can manage administration settings for the space / wiki 31 31 ** Availability: this right is available at the space and wiki level 32 -** Default status: DENIED 42 +** Default status: ALLOWED 43 +** Priority order: allow > deny > no setting 44 + 33 33 * *Register:* whether users can create new user accounts 34 -** Availability: this right is available at the level 46 +** Availability: this right is available at the wiki level 35 35 ** Default status: ALLOWED 48 +** Priority order: allow > deny > no setting 49 + 36 36 * *Program:* whether users can use protected APIs & Groovy code in wiki pages 37 -** Availability: this right is available at the wiki level 51 +** Availability: this right is available at the wiki level 38 38 ** Default status: DENIED 53 +** Priority order: allow > deny > no setting 54 + 55 +1.1 Access Rights execution order 56 + 57 +In XWiki, the check for access rights follows this path: 58 + 59 +First, the wiki tries to find out to which groups the current user belongs to. 60 + 61 +Let's say Mike belongs to the following groups: Sales, Marketing and Management. 62 + 63 +Mike tries to view a page. 64 + 65 +XWiki will: 66 + 67 +* Check for admin rights at the wiki level 68 +** Mike and/or one of his groups has an Allow right -> Mike has admin rights on the page 69 +** Mike and/or one of his groups have a Deny right -> Mike doesn't have admin rights on the page 70 +** Mike and/or the Sales group have a Deny right but the Management group has an Allow right -> Mike has admin rights on the page (Allow wins over Deny for Admin) 71 +** No right set for Mike or his groups and no Admin right set for any other user or group -> Mike has admin rights on the page 72 +** No right set for Mike or his groups and other users or groups have admin rights allowed -> Mike doesn't have admin rights on the page 73 + 74 +* * Check if Mike or one of the groups he belongs to has admin rights on the space 75 + 76 + 77 +* *XWiki Enterprise* 78 +* Admin rights on space? if no, 79 +* Admin rights on wiki? if no, 80 +* View / Comment / Edit / Delete rights on page? if no, 81 +* View / Comment / Edit / Delete rights on space? if no, 82 +* View / Comment / Edit / Delete / Register / Programming rights on wiki? if no, 83 +* The wiki can be accessed and managed by anyone 84 + 85 + 86 + 87 + 88 +* *XWiki Enterprise Manager* 89 +* Admin rights on space? if no, 90 +* Admin rights on wiki? if no, 91 +* Admin rights on wiki farm? if no, 92 +* View / Comment / Edit / Delete rights on page? if no, 93 +* View / Comment / Edit / Delete rights on space? if no, 94 +* View / Comment / Edit / Delete / Register rights on wiki? if no, 95 +* View / Comment / Edit / Delete / Register / Programming rights on wiki farm? if no, 96 +* The wiki farm can be accessed and managed by anyone 97 + 98 +#warning("Setting user rights on a wiki farm can be tricky. Always remember that you can have both local users and global users. Rights for local users are independent of rights for global users.") 99 + 100 + 101 + 102 + 103 + 104 + 105 + 106 + 107 + 108 + 109 + 110 + 111 + 112 + 113 + 114 + 115 +
