Tags:
create new tag
view all tags

Question

Hi,

we have one certain topic (among others) in our TWiki that is used to place some anouncements. Two groups should be allowed to edit this topic. Therefore, I use "Set ALLOWTOPICCHANGE = group1, group2" right in the topic.

How to prevent that during editing this topic, the permission settings are changed/removed?

I guess, the setting has to be placed somewhere else. But where?

Thanks, Michael

Environment

TWiki version: TWikiRelease04x01x01
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Debian Linux, Kernel 2.4.19
Web server: Apache/2.0.54
Perl version: Perl/v5.8.4
Client OS: various
Web Browser: various
Categories: Permissions

-- TWikiGuest - 13 Mar 2007

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Technically you can't deny a person who has edit rights to a topic from changing the access permission on that topic. However, you can somewhat hide the access control settings from normal use and browser viewing by putting them into the topic-local settings. You can access those settings via the "More" screen, as explained in TWikiVariables.

-- PeterThoeny - 14 Mar 2007

That's a pity. From my point of view, this is a real technical drawback and I couldn't really believe it.

I think hiding the access control isn't a real solution, because it relies only on the ignorance of the users. Instead, I will try it the "open" way first ("These are the access rights, please don't touch!" ;). If it fails, I will use a separate web.

Thanks a lot for the anser, Michael

-- TWikiGuest - 14 Mar 2007

Michael - you should check what Peter is referring to: the "topic settings" under "more topic actions." You can put access settings there and it's very unlikely users will mess with them during normal edits.

-- LynnwoodBrown - 14 Mar 2007

I noted the "topic settings" before. But, this prevents only an "accidental" removal of settings. An "intentional" removal is still possible. Hiding the access settings provides no security. It's just "security through obscurity" and since twiki is an open system (I appreciate that) there's no true place to hide.

For instance, a solution (from my point of view) would be the following:

  1. separate access permissions for editing the "topic settings", and
  2. everything in "topic settings" overrides the ordinary settings in the topics

Or something like this.

Michael

-- TWikiGuest - 19 Mar 2007

Michael, a paradigm shift is happening with wikis. Please read TWikiAccessControl.

-- PeterThoeny - 19 Mar 2007

I red it and I'm fine with that. But, I'm making a difference between writing content and writing settings. Even though everybody should be able to write content, this should not entail that everybody is allowed to keep others from reading and writing the content.

Michael

-- TWikiGuest - 20 Mar 2007

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2007-03-20 - TWikiGuest
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.