From version 29.1
edited by Xavier Richard
on 2018/11/02
To version 30.1
edited by Beat Burgener
on 2019/08/11
Change comment: Add tabular view

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.xrichard
1 +XWiki.BeatBurgener
Content
... ... @@ -92,3 +92,52 @@
92 92  ** DENIED on sub-wikis
93 93  * Priority order: deny > allow > no setting
94 94  * Checking order: page > wiki
95 +
96 += Tabular view =
97 +
98 +
99 +|=Right|=Description|=Default ^^1)^^|=Priority ^^2)^^|=Order|=Remarks
100 +|**View**|The view right gives the user the ability to view a document or load it using the API.|Allow|deny >
101 +allow >
102 +no setting|page > wiki|
103 +|**Comment**|The comment gives the user the ability to add a comment, but not to edit or delete it.|Allow|deny >
104 +allow >
105 +no setting|page > wiki|In order to be able to edit or delete your own comments, you need to have edit rights on the page. Also, you won't be able to edit or delete the comments of other users, unless you have administration rights.
106 +|**Edit**|The edit allows you to edit the page and all of its objects.|Allow|deny >
107 +allow >
108 +no setting|page > wiki|
109 +|**Delete**|The delete right allows you to move a page to the recycle bin.|Deny|deny >
110 +allow >
111 +no setting|page > wiki|
112 +|**Administration**|The administration right can only be granted at page or wiki level. A very important detail is that the wiki administrator cannot have his/her administration rights denied for a page. Also, having administration rights imply the view, comment, edit and delete permissions with the added ability to permanently delete a page from the recycle bin.|Deny|allow >
113 +deny >
114 +no setting|wiki > page|(((
115 +Page (Automatically includes the view, comment, edit, delete rights)
116 +
117 +
118 +Wiki (Automatically includes the view, comment, edit, delete, register)
119 +)))
120 +|**Programming**|A programmer is allowed to execute arbitrary Java code in the wiki, so any page which was last saved by an user with programmer rights can run dangerous scripts. Because it affects the entire wiki (or wiki farm), programming rights can only be granted from the wiki preferences page in a single wiki environment or from the main wiki in a multi-wiki environment.|Deny|allow >
121 +deny >
122 +no setting|wiki|Main wiki level (automatically implies LOGIN, VIEW, EDIT, DELETE, REGISTER, COMMENT, SCRIPT, ADMIN, see the documentation for the [[security module>>url:https://extensions.xwiki.org/xwiki/bin/view/Extension/Security%20Module]])
123 +|**Register**|The register right is usually granted or revoked for the non-registered pseudo-user "XWiki.XWikiGuest". This permission can only be set from the wiki preferences page.|Allow|allow >
124 +deny >
125 +no setting|wiki|Wiki level only
126 +|**Create Wikis**|The "createwiki" right can only be granted via the main wiki, just like programming rights|Deny|allow >
127 +deny >
128 +no setting|wiki|Main wiki level only
129 +|**Script**|(((
130 +The "Script" right was introduced in version 7.2 in order to control who has the right to write scripts. Anyone with edit rights can write a script in a wiki page. However, when the page is rendered, the script will only execute if the last author of the page has the "Script" right.
131 +)))|(((
132 +Allow (Main Wiki)
133 +
134 +Deny (Sub Wiki)
135 +)))|deny >
136 +allow >
137 +no setting|wiki|For backward-compatibility reasons, the standard XWiki distribution comes with the "Script" right being allowed for all users at the main wiki level. So, unless an administrator explicitly revokes the right for some users or groups, they will be able to execute the scripts they wrote.
138 +
139 +^^1)^^ TBD
140 +
141 +^^2)^^ For “deny > allow”, any encounter of a explicit deny will deny the permission
142 + For “allow > deny”, allow right will overrule any implicit or explicit deny
143 +

Get Connected