Rights Management
XWiki allows you to control all access permissions at a fine grained level. There are different levels of control and these rights are cumulative. The rights for a page override the rights for a space, which override the rights for a wiki.
Thanks to the three levels of control offered by XWiki, it becomes quite easy to manage places where people are allowed to read, write and comment - or not allowed to.
For instance, say you have managers and staff in the marketing and IT department: you can create a group for the staff on each department and another for managers (4 in all), and a space for every category. Then you can choose to let marketing staff access the marketing space only, but let marketing managers have access to the IT space at the staff level (but not IT manager level), and so on...
Rights at the wiki level
Click on the "Wiki" menu and then on "Administer Wiki". Click on the "Rights" link located under "Users & Groups" as shown in the following images:
Since XWiki 7.2M3, the "Administer Link" is located in the Drawer, that you can enable by clicking on the top right icon.
Here's how you can change permissions:
- Select the Users or Groups for which you want to set a permission.
- Click once in a checkbox to allow a right, twice to deny it and three times to clear the right (delete the entry). As a result, rights entries are saved automatically, using the Ajax technology.
There are some default users and groups you need to know about:
- Unregistered Users: represents the anonymous user (i.e., a user not logged in)
- XWikiAllGroup: represents all groups
- XWikiAdminGroup: represents all users with admin privileges
Rights at the space level
In order to edit rights at the space level you need to click on the "Space" menu (located on the top bar), click "Administer Space" and then click on the "Rights" link.
Then use exactly the same steps as the ones used for changing global rights.
Since 7.2 RC 1, the notion of space does not exist anymore. But you can change the rights of the parent page, and it will affect the current page. See the next section to know more about this.
Note: on terminal pages (documents that cannot have child), there is an "Administer Parent" button in the "more actions" menu:
Rights at the page level
Simply navigate to the page for which you wish to change the permissions. Click on the arrow in the "Edit" menu and then on "Access Rights":
Since 7.2 RC 1, there is 2 ways to get to this page:
- if you are on a terminal page (a page that cannot have child), it's still on the same place (edit > access rights).
- if not, you have to go to the actions menu (the menu with 3 vertical dots) and then click on "Administer Page":
In this page, you will have 2 choices:- "Rights: Page & Children" for the rights of this page that also affect the children of the page:
- "Rights: Page" for the rights of this page only (children are not affected):
- "Rights: Page & Children" for the rights of this page that also affect the children of the page:
Activating CAPTCHAs for anonymous comments
Go to the "Rights" administration page and tick the Require unregistered users to solve a captcha when posting a comment on a page check box as show on the following image:
Note that you also need to give the Comment right to unregistered users. After you've done so unregistered users will see the following when entering a comment on a page:
