DokuWiki

It's better when it's simple

User Tools

Site Tools


acl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
acl [2017-04-17 19:30]
2001:4268:1a1:1410:9c76:10ae:d55:3643 [See also] openregister is the right one here
acl [2017-09-05 10:29] (current)
183.16.192.248
Line 1: Line 1:
-====== Access Control Lists (ACL) ======+====== Access Control Lists (ACL)======
  
 [[DokuWiki]] --- like most wikis --- is very open by default. Everyone is allowed to create, edit and delete pages. However ​sometimes it makes sense to restrict access to certain or all pages. This is when the //Access Control List// (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured. [[DokuWiki]] --- like most wikis --- is very open by default. Everyone is allowed to create, edit and delete pages. However ​sometimes it makes sense to restrict access to certain or all pages. This is when the //Access Control List// (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured.
  
 +{{:​aclexample.png?​400|}}
 ===== Configuration and Setup =====  ===== Configuration and Setup ===== 
  
Line 50: Line 50:
     * by selecting a known group or user from the dropdown menu     * by selecting a known group or user from the dropdown menu
     * or by selecting "​User:"​ or "​Group:"​ and entering the group or user name in the field     * or by selecting "​User:"​ or "​Group:"​ and entering the group or user name in the field
-  - set the appropriate ​permission+  - set the appropriate ​permissions
  
 Existing rules can be modified or deleted in the table at the bottom of the ACL manager. Existing rules can be modified or deleted in the table at the bottom of the ACL manager.
Line 142: Line 142:
 :!: **Note:** When using $conf['​authtype'​] = '​ad';​ and groups names with spaces needing to be written in the acl.auth.php with a "​%5f"​ replacing the spaces instead of "​%20"​. This is because Group names with spaces are first converted into underscores "​_"​ which are "​%5f"​. :!: **Note:** When using $conf['​authtype'​] = '​ad';​ and groups names with spaces needing to be written in the acl.auth.php with a "​%5f"​ replacing the spaces instead of "​%20"​. This is because Group names with spaces are first converted into underscores "​_"​ which are "​%5f"​.
  
-:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore.+:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can only overwrite existing media files if the [[config:​mediarevisions|media revisions]] option is enabled.
  
 ==== User Wildcards ==== ==== User Wildcards ====
Line 155: Line 155:
 # #
 # Grant full access to logged in user's namespace # Grant full access to logged in user's namespace
-user:​%USER%:​* ​         %USER%  ​AUTH_DELETE+user:​%USER%:​* ​         %USER%  ​16
 # #
 # Allow to browse own namespace via the index # Allow to browse own namespace via the index
-user:                  %USER%  ​AUTH_READ+user:                  %USER%  ​1
 # #
 # Allow read only access to start page located in "​user"​ namespace ​ # Allow read only access to start page located in "​user"​ namespace ​
-user:​start ​            ​%USER%  ​AUTH_READ+user:​start ​            ​%USER%  ​1
 # #
 # Disable all access to user's home namespaces not owned by logged in user  # Disable all access to user's home namespaces not owned by logged in user 
 # (include view namespaces via the index) ​ # (include view namespaces via the index) ​
-user:​* ​                ​@user ​  AUTH_NONE+user:​* ​                ​@user ​  0
 # #
 # Allow members of '​group'​ to edit pages in the '​group'​ namespace. # Allow members of '​group'​ to edit pages in the '​group'​ namespace.
-be careful, if you have a user namespace, all members of the default group  +BE CAREFUL, if you have a 'user' ​namespace, all members of the default group  
-# will gain access to it +# will gain access to it since %GROUP% will be replaced literally 
-%GROUP%:​* ​              ​%GROUP% ​AUTH_EDIT+%GROUP%:​* ​              ​%GROUP% ​2
 </​file>​ </​file>​
  
acl.1492450248.txt.gz · Last modified: 2017-04-17 19:30 by 2001:4268:1a1:1410:9c76:10ae:d55:3643