
Feature Proposal: Need Higher Granularity for Privileges

Motivation

At present, for a user to be able to edit an existing page, the web must have ALLOWWEBCHANGE "on" for that user. Unfortunately, this means that the user can also create or delete pages unless the page itself has more restrictive permissions.

Description and Documentation

I'd like to see something more akin to Unix permissions. In Unix, you need write permission for the directory in order to create or delete files. You need write permissions for the files in order to edit files.

In TWiki, ALLOWTOPICCHANGE currently applies only to the topic in which the variable is set. I would like to see one of two things:

You could give the ALLOWTOPICCHANGE var global scope - but then how would you prevent changes to the WebPreferences topic and still allow changes to all other topics?

I would suggest a new variable, ALLOWALLTOPICCHANGE (or something similar).

Thus you could set WebPreferences to contain DENYWEBCHANGE ALLOWALLTOPICCHANGE DENYTOPICCHANGE

This would allow users to edit their home topic (and other pages in Main, by default) but not to edit WebPreferences and not to create new topics in Main.

Examples

Impact

WhatDoesItAffect: Auth, Security, Usability, Vars

Implementation

-- Contributors: VickiBrown - 09 Nov 2007

Discussion

erm, why don't you just set WebPreferences as ALLOWTOPICCHANGE = TWikiAdminGroup?

-- CrawfordCurrie - 10 Nov 2007

Topic revision: r2 - 2007-11-10 - CrawfordCurrie
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.