ScrewTurn Wiki Permissions System (ACL)
Modified on Wed, 14 Oct 2009 16:39 by Dario Solera
''ScrewTurn Wiki 3.0'' features an advanced permissions system that allows you to configure access rules for namespaces, single pages and upload directories, as well as for some global actions.

{toc}

==Introduction==
The permissions system in ''STW'' is essentially a custom-built ACL (Access Control List) engine. An ACL entry determines whether a ''subject'' can perform an ''action'' on a ''resource''.

A ''subject'' can be either a ''user'' or a ''user group''. A ''resource'' can be a ''namespace'', a ''page'', an ''upload directory'' or a generic global resource called ''globals'' (more on this later). Actions are resource-specific and define the activities that can be performed on a resource. Some actions include other actions: for example, if you grant a user the ''write'' permission on a resource, she is also able to ''read'' the same resource.

'''Note''': managing complex permission schemes can be very difficult and, if done the wrong way, can lead to security issues in your wiki. For this reason, you should be careful not to change permissions in a way that you do not fully understand. ''ScrewTurn Wiki'' is automatically configured with a set of safe permissions that basically allow global read-only access to anonymous users, partial write access to registered users and total access to administrators.

===Users, Groups and Deny Priority===
As mentioned above, you can assign permissions to users or groups of users. By default, ''ScrewTurn Wiki'' defines three user groups, ''Anonymous Users'', ''Users'' and ''Administrators'', but you are free to create other groups and assign specific permissions to them.
====General Rules====
# An action can either be ''granted'' (allowed) or ''denied'' (not allowed)
# Not granting an action equals denying it (in other words, all grants must be explicit, unless the same action is allowed by a higher-level action or inherited from a higher-level resource)
#* If a user is not a member of any group and has no specific grants, she has no access at all
# ''Deny'' entries always have priority over ''grant'' entries on the same action and resource (unless rule ''6'' applies)
# If a user is a member of one group, she inherits all permissions of the group
# If a user is a member of multiple groups, ''denials'' have priority over ''grants'' for the same action on the same resource
# If a user is a member of one or more groups, ''grants'' or ''denials'' assigned to the user have priority over entries assigned to the group (for example, a group can be denied an action but a specific user of the group can be granted it)

==Actions/Resources Reference==
The general rules described above are applied to resources and actions that are specific to ''ScrewTurn Wiki''.

'''Note''': ''AGB'' means ''Also Granted By'', i.e. the action is also granted by another action. All actions are, by default, also granted by {{Full Control}}, either on the same resource or on ''Globals'': {{Full Control}} is therefore omitted from ''AGB'' lists for brevity.

===Globals===
The following actions are valid for global permissions. Global permissions are assigned to users or groups and are not mapped to any specific resource.
<table class="generic">
<tr class="tableheader"><th>Action</th><th>Description</th><th>''AGB''</th></tr>
<tr class="tablerow"><td>{{Full Control}}</td><td>Full control on the wiki</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Accounts}}</td><td>Create, Edit, Delete user accounts</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Groups}}</td><td>Create, Edit, Delete user groups</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Pages and Categories}}</td><td>Create, Edit, Delete, Rename, Rollback pages and categories</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Page Discussions}}</td><td>Post, Edit, Delete messages in page discussions (including other users' messages)</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Namespaces}}</td><td>Create, Edit, Delete namespaces</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Configuration}}</td><td>Change the wiki configuration</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Providers}}</td><td>Upload, Configure, Enable/Disable providers</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Files and Directories}}</td><td>Upload, Rename, Delete files and attachments, Create, Rename, Delete directories</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Snippets and Templates}}</td><td>Create, Edit, Delete snippets and templates</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Navigation Paths}}</td><td>Create, Edit, Delete navigation paths</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Meta-Files}}</td><td>Edit meta-files (also known as ''content'', see ''Content Editing'' administration page)</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Manage Permissions}}</td><td>Change permissions of users and groups</td><td>n/a</td></tr>
</table>

===Namespaces===
The following actions are valid for namespaces.

'''Note''': by default, sub-namespaces inherit permissions from the ''root'' namespace.
<table class="generic">
<tr class="tableheader"><th>Action</th><th>Description</th><th>''AGB''</th><th>''AGB'' from ''Globals''</th></tr>
<tr class="tablerow"><td>{{Full Control}}</td><td>Full control on the namespace</td><td>n/a</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Read Pages}}</td><td>Read pages</td><td>{{Modify Pages}}, {{Create Pages}}, {{Delete Pages}}, {{Manage Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Modify Pages}}</td><td>Edit pages</td><td>{{Manage Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Create Pages}}</td><td>Create new pages</td><td>{{Manage Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Delete Pages}}</td><td>Delete, Rename pages</td><td>{{Manage Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Manage Pages}}</td><td>Create, Edit, Delete, Rename pages</td><td>n/a</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Read Page Discussions}}</td><td>Read page discussions</td><td>{{Post Msg. in Page Disc.}}, {{Manage Page Disc.}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Post Messages in Page Discussions}}</td><td>Post messages in page discussions</td><td>{{Manage Page Disc.}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Manage Page Discussions}}</td><td>Edit, Delete other users' messages in page discussions</td><td>{{Manage Pages}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Manage Categories}}</td><td>Modify category bindings of pages, create and delete categories</td><td>{{Full Control}}</td><td>{{Manage Pages and Cat.}}</td></tr>
<tr class="tablerow"><td>{{Download Attachments}}</td><td>Download page attachments</td><td>{{Upload Attachments}}, {{Delete Attachments}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Upload Attachments}}</td><td>Upload page attachments</td><td>{{Delete Attachments}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Delete Attachments}}</td><td>Delete, Rename page attachments</td><td>n/a</td><td>{{Manage Files}}</td></tr>
</table>

===Pages===
The following actions are valid for pages.

'''Note''': by default, pages inherit permissions from their namespace.
<table class="generic">
<tr class="tableheader"><th>Action</th><th>Description</th><th>''AGB''</th><th>''AGB'' from ''Namespace''</th><th>''AGB'' from ''Globals''</th></tr>
<tr class="tablerow"><td>{{Full Control}}</td><td>Full control on the page</td><td>n/a</td><td>n/a</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{Read Page}}</td><td>Read the page</td><td>{{Modify Page}}, {{Manage Page}}</td><td>{{Read Pages}}, {{Modify Pages}}, {{Create Pages}}, {{Manage Pages}}, {{Delete Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Modify Page}}</td><td>Edit the page</td><td>{{Manage Page}}</td><td>{{Modify Pages}}, {{Create Pages}}, {{Manage Pages}}, {{Delete Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Manage Page}}</td><td>Delete, Rename the page</td><td>n/a</td><td>{{Manage Pages}}</td><td>{{Manage Pages and Cat.}}, {{Manage Namespaces}}</td></tr>
<tr class="tablerow"><td>{{Read Page Discussion}}</td><td>Read the page discussion</td><td>{{Post Msg. in Page Disc.}}, {{Manage Page Disc.}}</td><td>{{Read Page Disc.}}, {{Post Msg. in Page Disc.}}, {{Manage Page Disc.}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Post Messages in Page Discussion}}</td><td>Post messages in the page discussion</td><td>{{Manage Page Disc.}}</td><td>{{Post Msg. in Page Disc.}}, {{Manage Page Disc.}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Manage Page Discussion}}</td><td>Edit, Delete other users' messages in the page discussion</td><td>{{Manage Page}}</td><td>{{Manage Page Disc.}}</td><td>{{Manage Page Disc.}}</td></tr>
<tr class="tablerow"><td>{{Manage Categories}}</td><td>Change page category binding</td><td>n/a</td><td>{{Manage Categories}}</td><td>{{Manage Pages and Cat.}}</td></tr>
<tr class="tablerow"><td>{{Download Attachments}}</td><td>Download attachments</td><td>{{Upload Attn.}}, {{Delete Attn.}}</td><td>{{Download Attn.}}, {{Upload Attn.}}, {{Delete Attn.}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Upload Attachments}}</td><td>Upload attachments</td><td>{{Delete Attn.}}</td><td>{{Upload Attn.}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Delete Attachments}}</td><td>Delete, Rename attachments</td><td>n/a</td><td>{{Delete Attn.}}</td><td>{{Manage Files}}</td></tr>
</table>

===Upload Directories===
The following actions are valid for upload directories, i.e. directories managed with the ''File Management'' interface.

'''Note''': directories inherit permissions from their parent.
<table class="generic">
<tr class="tableheader"><th>Action</th><th>Description</th><th>''AGB''</th><th>''AGB'' from ''Globals''</th></tr>
<tr class="tablerow"><td>{{Full Control}}</td><td>Full control on the directory</td><td>n/a</td><td>n/a</td></tr>
<tr class="tablerow"><td>{{List Contents}}</td><td>List the contents of the directory</td><td>{{Download Files}}, {{Upload Files}}, {{Delete Files}}, {{Create Directories}}, {{Delete Directories}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Download Files}}</td><td>Download files</td><td>{{Upload Files}}, {{Delete Files}}, {{Create Directories}}, {{Delete Directories}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Upload Files}}</td><td>Upload files</td><td>{{Delete Files}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Delete Files}}</td><td>Delete, Rename files</td><td>n/a</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Create Directories}}</td><td>Create directories</td><td>{{Delete Directories}}</td><td>{{Manage Files}}</td></tr>
<tr class="tablerow"><td>{{Delete Directories}}</td><td>Delete, Rename directories</td><td>n/a</td><td>{{Manage Files}}</td></tr>
</table>
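
The ''General Rules'' and the ''AGB'' column of the ''Namespaces'' table can be modelled as a small evaluator, useful for checking what a planned set of entries would allow before applying it. This is an added Python example, not ScrewTurn Wiki's own code. Assumptions: the {{U.}}/{{G.}} subject prefixes, the {{ns:Docs}} resource name and the sample users, groups and entries are constructed; a ''deny'' on an action is taken to beat a ''grant'' of a higher-level action in the same tier; inheritance between resources and from ''Globals'' is not modelled.

```python
from dataclasses import dataclass

# "Also Granted By" for some namespace actions, copied from the Namespaces table.
AGB = {
    "Read Pages": {"Modify Pages", "Create Pages", "Delete Pages", "Manage Pages"},
    "Modify Pages": {"Manage Pages"},
    "Create Pages": {"Manage Pages"},
    "Delete Pages": {"Manage Pages"},
}

@dataclass(frozen=True)
class Entry:
    subject: str    # "U.<user>" or "G.<group>" (naming constructed for this example)
    resource: str
    action: str
    grant: bool     # True = grant, False = deny

def decide(entries, subjects, resource, action):
    """Verdict for one tier of subjects: True, False, or None if no entry applies."""
    hits = [e for e in entries if e.subject in subjects and e.resource == resource]
    # Rules 3 and 5: a deny on this action beats any grant in the same tier.
    # Assumption: it also beats a grant of a higher-level (AGB) action.
    if any(not e.grant and e.action == action for e in hits):
        return False
    covering = {action, "Full Control"} | AGB.get(action, set())
    if any(e.grant and e.action in covering for e in hits):
        return True
    return None

def is_allowed(entries, user, groups, resource, action):
    # Rule 6: entries on the user are consulted before entries on her groups.
    for tier in ({"U." + user}, {"G." + g for g in groups}):
        verdict = decide(entries, tier, resource, action)
        if verdict is not None:
            return verdict
    return False    # Rule 2: nothing granted explicitly means denied.

# Constructed sample ACL for one namespace resource.
NS = "ns:Docs"
ACL = [
    Entry("G.Users", NS, "Read Pages", True),
    Entry("G.Users", NS, "Modify Pages", True),
    Entry("G.Suspended", NS, "Modify Pages", False),
    Entry("G.Editors", NS, "Manage Pages", True),
    Entry("U.alice", NS, "Modify Pages", True),
]

CASES = {"bob": ["Users"], "carol": ["Users", "Suspended"], "alice": ["Users", "Suspended"], "eve": []}
print({u: is_allowed(ACL, u, g, NS, "Modify Pages") for u, g in CASES.items()})
```

Here ''carol'' loses {{Modify Pages}} because one of her groups is denied it, ''alice'' keeps it through her user-level grant, and ''eve'' has no entries and therefore no access.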