Show last authors
1 {{box cssClass="floatinginfobox" title="**Contents**"}}
2 {{toc/}}
3 {{/box}}
4
5 = View Right =
6
7 The view right gives the user the ability to view a document or load it using the API.
8
9 * Availability: Page and Wiki level.
10 * Default status: ALLOWED
11 * Priority order: deny > allow > no setting
12 * Checking order: page > wiki
13
14 = Comment Right =
15
16 The comment gives the user the ability to add a comment, but not to edit or delete it.
17
18 * Availability: Page and Wiki level.
19 * Default status: ALLOWED
20 * Priority order: deny > allow > no setting
21 * Checking order: page > wiki
22
23 In order to be able to edit or delete your own comments, you need to have edit rights on the page. Also, you won't be able to edit or delete the comments of other users, unless you have administration rights.
24
25 = Edit Right =
26
27 The edit allows you to edit the page and all of its objects.
28
29 * Availability: Page and Wiki level.
30 * Default status: ALLOWED
31 * Priority order: deny > allow > no setting
32 * Checking order: page > wiki
33
34 = Delete Right =
35
36 The delete right allows you to move a page to the recycle bin.
37
38 * Availability: Page and Wiki level.
39 * Default status: DENIED (unless you're the document creator)
40 * Priority order: deny > allow > no setting
41 * Checking order: page > wiki
42
43 = Special Permissions =
44
45 == Administration Right ==
46
47 The administration right can only be granted at page or wiki level. A very important detail is that the wiki administrator cannot have his/her administration rights denied for a page. Also, having administration rights imply the view, comment, edit and delete permissions with the added ability to permanently delete a page from the recycle bin.
48
49 * Availability:
50 ** page (Automatically includes the view, comment, edit, delete rights)
51 ** Wiki (Automatically includes the view, comment, edit, delete, register)
52 * Default status: DENIED
53 * Priority order: allow > deny > no setting
54 * Checking order: wiki > page
55
56 == Programming Right ==
57
58 A programmer is allowed to execute arbitrary Java code in the wiki, so any page which was last saved by an user with programmer rights can run dangerous scripts. Because it affects the entire wiki (or wiki farm), programming rights can only be granted from the wiki preferences page in a single wiki environment or from the main wiki in a multi-wiki environment.
59
60 * Availability: Main wiki level (automatically implies LOGIN, VIEW, EDIT, DELETE, REGISTER, COMMENT, SCRIPT, ADMIN, see the documentation for the [[security module>>extensions:Extension.Security Module]])
61 * Default status: DENIED
62 * Priority order: allow > deny > no setting
63 * Checking order: wiki
64
65 == Register Right ==
66
67 The register right is usually granted or revoked for the non-registered pseudo-user "XWiki.XWikiGuest". This permission can only be set from the wiki preferences page.
68
69 * Availability: Wiki level
70 * Default status: ALLOWED
71 * Priority order: allow > deny > no setting
72 * Checking order: wiki
73
74 == Create Wikis Right ==
75
76 The "createwiki" right can only be granted via the main wiki, just like programming rights. .
77
78 * Availability: Main wiki level
79 * Default status: DENIED
80 * Priority order: allow > deny > no setting
81 * Checking order: wiki
82
83 == Script Right ==
84
85 The "Script" right was introduced in version 7.2 in order to control who has the right to write scripts. Anyone with edit rights can write a script in a wiki page. However, when the page is rendered, the script will only execute if the last author of the page has the "Script" right.
86
87 For backward-compatibility reasons, the standard XWiki distribution comes with the "Script" right being allowed for all users at the main wiki level. So, unless an administrator explicitly revokes the right for some users or groups, they will be able to execute the scripts they wrote.
88
89 * Availability: Page and Wiki level.
90 * Default status:
91 ** ALLOWED on the main wiki
92 ** DENIED on sub-wikis
93 * Priority order: deny > allow > no setting
94 * Checking order: page > wiki
95
96 = Tabular view =
97
98
99 |=Right|=Description|=Default ^^1)^^|=Priority ^^2)^^|=Order|=Remarks
100 |**View**|The view right gives the user the ability to view a document or load it using the API.|Allow|deny >
101 allow >
102 no setting|page > wiki|
103 |**Comment**|The comment gives the user the ability to add a comment, but not to edit or delete it.|Allow|deny >
104 allow >
105 no setting|page > wiki|In order to be able to edit or delete your own comments, you need to have edit rights on the page. Also, you won't be able to edit or delete the comments of other users, unless you have administration rights.
106 |**Edit**|The edit allows you to edit the page and all of its objects.|Allow|deny >
107 allow >
108 no setting|page > wiki|
109 |**Delete**|The delete right allows you to move a page to the recycle bin.|Deny|deny >
110 allow >
111 no setting|page > wiki|
112 |**Administration**|The administration right can only be granted at page or wiki level. A very important detail is that the wiki administrator cannot have his/her administration rights denied for a page. Also, having administration rights imply the view, comment, edit and delete permissions with the added ability to permanently delete a page from the recycle bin.|Deny|allow >
113 deny >
114 no setting|wiki > page|(((
115 Page (Automatically includes the view, comment, edit, delete rights)
116
117
118 Wiki (Automatically includes the view, comment, edit, delete, register)
119 )))
120 |**Programming**|A programmer is allowed to execute arbitrary Java code in the wiki, so any page which was last saved by an user with programmer rights can run dangerous scripts. Because it affects the entire wiki (or wiki farm), programming rights can only be granted from the wiki preferences page in a single wiki environment or from the main wiki in a multi-wiki environment.|Deny|allow >
121 deny >
122 no setting|wiki|Main wiki level (automatically implies LOGIN, VIEW, EDIT, DELETE, REGISTER, COMMENT, SCRIPT, ADMIN, see the documentation for the [[security module>>url:https://extensions.xwiki.org/xwiki/bin/view/Extension/Security%20Module]])
123 |**Register**|The register right is usually granted or revoked for the non-registered pseudo-user "XWiki.XWikiGuest". This permission can only be set from the wiki preferences page.|Allow|allow >
124 deny >
125 no setting|wiki|Wiki level only
126 |**Create Wikis**|The "createwiki" right can only be granted via the main wiki, just like programming rights|Deny|allow >
127 deny >
128 no setting|wiki|Main wiki level only
129 |**Script**|(((
130 The "Script" right was introduced in version 7.2 in order to control who has the right to write scripts. Anyone with edit rights can write a script in a wiki page. However, when the page is rendered, the script will only execute if the last author of the page has the "Script" right.
131 )))|(((
132 Allow (Main Wiki)
133
134 Deny (Sub Wiki)
135 )))|deny >
136 allow >
137 no setting|wiki|For backward-compatibility reasons, the standard XWiki distribution comes with the "Script" right being allowed for all users at the main wiki level. So, unless an administrator explicitly revokes the right for some users or groups, they will be able to execute the scripts they wrote.
138
139 ^^1)^^ TBD
140
141 ^^2)^^ For “deny > allow”, any encounter of a explicit deny will deny the permission
142 For “allow > deny”, allow right will overrule any implicit or explicit deny
143
144
145 [[Another table with additional information about implied rights, inheritance and more>>extensions:Extension.Security Module||anchor="HDefaultrightsbeingpredefined"]].

Get Connected