Changes for page Access Rights

Last modified by Michael Hamann on 2024/11/28

From version 1.1
edited by Guillaume Lerouge
on 2009/02/24
Change comment: There is no comment for this version
To version 2.1
edited by Guillaume Lerouge
on 2009/02/24
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -15,24 +15,101 @@
15 15  ** ~~Default status: whether the right is allowed or denied when the checkbox is left blank~~
16 16  *** ~~ALLOWED: this means that users CAN perform the given action if no other right is set~~
17 17  *** ~~DENIED: this means that users CANNOT perform the given action if no other right is set~~
18 +** ~~Priority order: which setting wins over another~~
19 +
18 18  * *View:* whether users can see the page
19 19  ** Availability: this right is available at the page, space and wiki level
20 20  ** Default status: ALLOWED
23 +** Priority order: deny > allow > no setting
24 +
21 21  * *Comment:* whether users can add a comment to the page
22 22  ** Availability: this right is available at the page, space and wiki level
23 23  ** Default status: ALLOWED
28 +** Priority order: deny > allow > no setting
29 +
24 24  * *Edit:* whether users can edit and save modifications to the page
25 25  ** Availability: this right is available at the page, space and wiki level
26 26  ** Default status: ALLOWED
33 +** Priority order: deny > allow > no setting
34 +
27 27  * *Delete:* whether users can delete the page
28 28  ** Availability: this right is available at the page, space and wiki level
29 -** Default status: DENIED
37 +** Default status: DENIED (unless you're the document creator)
38 +** Priority order: deny > allow > no setting
39 +
30 30  * *Admin:* whether users can manage administration settings for the space / wiki
31 31  ** Availability: this right is available at the space and wiki level
32 -** Default status: DENIED
42 +** Default status: ALLOWED
43 +** Priority order: allow > deny > no setting
44 +
33 33  * *Register:* whether users can create new user accounts
34 -** Availability: this right is available at the level
46 +** Availability: this right is available at the wiki level
35 35  ** Default status: ALLOWED
48 +** Priority order: allow > deny > no setting
49 +
36 36  * *Program:* whether users can use protected APIs & Groovy code in wiki pages
37 -** Availability: this right is available at the wiki level
51 +** Availability: this right is available at the wiki level
38 38  ** Default status: DENIED
53 +** Priority order: allow > deny > no setting
54 +
55 +1.1 Access Rights execution order
56 +
57 +In XWiki, the check for access rights follows this path:
58 +
59 +First, the wiki tries to find out to which groups the current user belongs to.
60 +
61 +Let's say Mike belongs to the following groups: Sales, Marketing and Management.
62 +
63 +Mike tries to view a page.
64 +
65 +XWiki will:
66 +
67 +* Check for admin rights at the wiki level
68 +** Mike and/or one of his groups has an Allow right -> Mike has admin rights on the page
69 +** Mike and/or one of his groups have a Deny right -> Mike doesn't have admin rights on the page
70 +** Mike and/or the Sales group have a Deny right but the Management group has an Allow right -> Mike has admin rights on the page (Allow wins over Deny for Admin)
71 +** No right set for Mike or his groups and no Admin right set for any other user or group -> Mike has admin rights on the page
72 +** No right set for Mike or his groups and other users or groups have admin rights allowed -> Mike doesn't have admin rights on the page
73 +
74 +* * Check if Mike or one of the groups he belongs to has admin rights on the space
75 +
76 +
77 +* *XWiki Enterprise*
78 +* Admin rights on space? if no,
79 +* Admin rights on wiki? if no,
80 +* View / Comment / Edit / Delete rights on page? if no,
81 +* View / Comment / Edit / Delete rights on space? if no,
82 +* View / Comment / Edit / Delete / Register / Programming rights on wiki? if no,
83 +* The wiki can be accessed and managed by anyone
84 +
85 +
86 +
87 +
88 +* *XWiki Enterprise Manager*
89 +* Admin rights on space? if no,
90 +* Admin rights on wiki? if no,
91 +* Admin rights on wiki farm? if no,
92 +* View / Comment / Edit / Delete rights on page? if no,
93 +* View / Comment / Edit / Delete rights on space? if no,
94 +* View / Comment / Edit / Delete / Register rights on wiki? if no,
95 +* View / Comment / Edit / Delete / Register / Programming rights on wiki farm? if no,
96 +* The wiki farm can be accessed and managed by anyone
97 +
98 +#warning("Setting user rights on a wiki farm can be tricky. Always remember that you can have both local users and global users. Rights for local users are independent of rights for global users.")
99 +
100 +
101 +
102 +
103 +
104 +
105 +
106 +
107 +
108 +
109 +
110 +
111 +
112 +
113 +
114 +
115 +
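Review bot: The Admin entry's new "Default status: ALLOWED" (added line 42, replacing DENIED) is stated without the condition that the walkthrough added further down attaches to it. Added lines 71 and 72 say Mike has admin rights when no right is set for him or his groups only if no Admin right is set for any other user or group, and that he does not have them once other users or groups have admin rights allowed. Suggest qualifying line 42 the way the Delete entry is qualified at line 37, for example "Default status: ALLOWED (only while no Admin right is set for any user or group)", and filling in the change comment, since this flips the documented default of the Admin right. In the new "Access Rights execution order" section, the walkthrough opens with "Mike tries to view a page" but only details the wiki-level Admin check; added line 74 ("* * Check if Mike ...") is a malformed bullet with no sub-items, and added lines 82 and 95 say "Programming" where the rights list names the right "Program". Added lines 99 to 115 contain only blank lines and can be dropped.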
