TWiki Access Control
Controlling access on the SIte level
- To edit a topic a user will be asked to login using the CERN account
- Most TWiki transactions will require authentication except
views
on public pages.
Controlling access to a Web
We administrators can define restrictions on who is allowed to view or edit inside a TWiki web.
For ACLs you can use TWikiUsers, TWikiGroups and egroups. However
egroups is the preferred and CERN supported method.
- We administrators can define these settings in the WebPreferences topic, preferable towards the end of the topic:
-
Set DENYWEBVIEW = < comma-delimited list of Users and Groups >
-
Set ALLOWWEBVIEW = < comma-delimited list of Users and Groups >
-
Set DENYWEBCHANGE = < comma-delimited list of Users and Groups >
-
Set ALLOWWEBCHANGE = < comma-delimited list of Users and Groups >
-
Set DENYWEBRENAME = < comma-delimited list of Users and Groups >
-
Set ALLOWWEBRENAME = < comma-delimited list of Users and Groups >
- All new TWiki webs at CERN are created with the following settings:
-
Set DENYWEBVIEW = TWikiGuest
-
Set ALLOWWEBVIEW =
-
Set DENYWEBCHANGE = TWikiGuest
-
Set ALLOWWEBCHANGE = TWikiAdminGroup
-
Set DENYWEBRENAME = TWikiGuest
-
Set ALLOWWEBRENAME =
- The web administrators are responsible for these settings.
Controlling access to a Topic
- Users can define these settings in any topic, preferable towards the end of the topic:
-
Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >
-
Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >
-
Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >
-
Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >
-
Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >
-
Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >
- For example, set this to restrict a topic to be viewable only by the user JohnDoe:
-
Set ALLOWTOPICVIEW = Main.JohnDoe
- You may want to completely open up access to a specific topic within a restricted web - allowing access by anybody. There is a special group for that - AllUsersGroup. The following setting allows view access to the topic by anybody even if they are not authenticated.
- Alternatively, you can grant access only to authenticated users by AllAuthUsersGroup. If an unauthenticated user accesses a topic having the following setting, they are asked to authenticate themself.
For more details information see
TWikiAccessControl
PeterJones - 2016-11-18