I have an interesting little security problem, and I know the solution will be of interest to a lot of people so I'm posting it here for the cognoscenti to comment.
I have a web that contains a mixture of topics, all related to research and engineering of a range of products, and almost all highly sensitive.
I also have three partner companies who I need to be able to interact with my team on projects. The partner companies each need access to a different subset of the topics.
Now, here's the rub. The three partner companies know about each other, and expect to be able to collaborate. So a Venn diagram of the security problem looks like this:
.-------------------------------------------.
|                All topics                 |
|                                           |
|   .-----------------.                     |
|   |                 |                     |
|   |    Partner 1    |                     |
|   |            .----+------------.        |
|   |            |    | Partner 2  |        |
|   |      .-----+----+-----.      |        |
|   |      |     |    |     |      |        |
|   |      |     |    |     |      |        |
|   `------+-----+----'     |      |        |
|          |     |          |      |        |
|          |     `----------+------'        |
|          |   Partner 3    |               |
|          `----------------'               |
|                                           |
`-------------------------------------------'
The users in this context are technical, but not particularly au fait with computers. Any security system has to be very simple and easy to use.
Any suggestions on how to organise the security in this environment would be welcome. Note that setting up eight different webs to handle the different access permutations is not an option. Oh, and I might add other partners at any point.
--
CrawfordCurrie - 02 Mar 2004
Though I never came across a Venn diagram before, if you are looking for flexibility, power-of-2 numbers are quite useful (powerful).
This has been mentioned somewhere else in TWiki.org for permission on FormFields, but I could not find the Topic right now.
If you number your groups (using a variable):
| group | value | power of 2 | binary |
| grp0 | 1 | 2*0 | 000 0000 |
| grp1 | 2 | 2*1 | 0000 0001 |
| grp2 | 4 | 2*2 | 0000 0010 |
| grp3 | 8 | 2*3 | 0000 0100 |
| grp4 | 16 | 2*4 | 0000 1000 |
| grp5 | 32 | 2*5 | 0001 0000 |
Now if you give each topic a number (setting a variable or with a multiselect form):
Example:
The permission can be easily tested in Perl using the binary and ( & ).
Now each user could be in more than one group too, and the binary and would still work.
i.e. a user with a group number of 63 would have access to all the topics unless the topic number would be 0 (no access).
I believe it could be used to handle some kind of LogicalWeb too without too much programming or CPU usage.
--
MarcelTrap - 03 Mar 2004
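The bitmask test described in the post above, as an added example that is not part of the original thread and is not TWiki code. The mapping of group bits to the internal team and the three partners, the topic names and the user names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Group values are powers of two (1, 2, 4, 8) as in the post. Assigning them
# to the team and the three partners is an assumption of this example.
my %GROUP = (team => 1, partner1 => 2, partner2 => 4, partner3 => 8);

# Build a mask from group names. Dies on an unknown name so that a typo
# cannot silently produce mask 0 or set the wrong bit.
sub mask {
    my $m = 0;
    for my $g (@_) {
        die "unknown group '$g'\n" unless exists $GROUP{$g};
        $m |= $GROUP{$g};
    }
    return $m;
}

# Allow when the user shares at least one group with the topic. A topic mask
# of 0 denies everyone. The "0 +" forces numeric context: Perl's & does a
# string-wise AND when both operands are strings, which is what values read
# from topic text would be.
sub can_view {
    my ($user_mask, $topic_mask) = @_;
    return ((0 + $user_mask) & (0 + $topic_mask)) ? 1 : 0;
}

# Constructed topics, one per region of the Venn diagram used here.
my %topic = (
    InternalOnly => mask('team'),
    P1Only       => mask(qw(team partner1)),
    P1AndP2      => mask(qw(team partner1 partner2)),
    AllPartners  => mask(qw(team partner1 partner2 partner3)),
    Locked       => 0,
);

# Constructed users; carol belongs to two groups at once.
my %user = (
    alice => mask('team'),
    bob   => mask('partner1'),
    carol => mask(qw(partner2 partner3)),
);

for my $u (sort keys %user) {
    for my $t (sort keys %topic) {
        printf "%-6s %-12s %s\n", $u, $t,
            can_view($user{$u}, $topic{$t}) ? 'allow' : 'deny';
    }
}
```

Adding a fourth partner means adding one entry with the next power of two (16) to `%GROUP`; existing topic and user masks stay valid. The number of groups is bounded by the integer width of the Perl build.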
Sorry, I should have made clear the absolute constraint that this has to work in today's TWiki, no code changes, no hacks. I know I could change the security system to suit, but I don't want to.
--
CrawfordCurrie - 03 Mar 2004
Your Venn diagram could be represented by the following table:
1 --> allow
0 --> deny
Create the 8 TopicTemplates each with the appropriate * set DENYTOPIC...* using the form given in MultipleTemplatesPerWeb:
maybe?
Looks like there is no DENYTOPICREAD..?
Well, I don't know!
--
MarcelTrap - 03 Mar 2004
I just ran across this while looking for something else. Couldn't your problem be solved with TWikiGroups? Each "sensitive" topic would have a TOPICALLOWVIEW for the group that should see it.
--
BruceDawson - 06 Oct 2005