Difference: TWikiAccessControl (11 vs. 12)

Revision 122001-08-31 - MikeMannix

Line: 1 to 1
 
Line: 88 to 88
 
  • Set DENYWEBVIEW = < list of users and groups >
  • Set ALLOWWEBVIEW = < list of users and groups >
Changed:
<
<

Read Access Restriction Notes

>
>

Read Restriction Known Issues

 
  • The view restriction is not suitable for very sensitive content since there is a way to circumvent the read access restriction.
  • Read access restriction only works if the view script is authenticated, that means that users need to log on also just to read topics. TWiki Installation has more on basic authentication based on the .htaccess file.
Changed:
<
<
  • There is a workaround if you prefer to to have unrestricted access to view topics located in normal webs, and to authenticate users only for webs where view restriction is enabled:
>
>
  • There is a workaround if you prefer to have unrestricted access to view topics located in normal webs, and to authenticate users only for webs where view restriction is enabled:
 
    • Leave the view script non authenticated in the .htaccess file.
    • Enable the $doRememberRemoteUser flag in wikicfg.pm as described in TWiki Authentication. TWiki will now remember the IP address of an authenticated user.
    • Copy the view script to viewauth (or better, create a symbolic link)
    • Add viewauth to the list of authenticated scripts in the .htaccess file.
Changed:
<
<
    • When a user accesses a web where you enabled view restriction, TWiki will redirect from the view script to the viewauth script once (this hapens only if the user has never edited a topic). Doing so will ask for authentication. The viewauth script shows the requested topic if the user could log on and if the user is authorized to see that web.
>
>
    • When a user accesses a web where you enabled view restriction, TWiki will redirect from the view script to the viewauth script once (this happens only if the user has never edited a topic). Doing so will ask for authentication. The viewauth script shows the requested topic if the user could log on and if the user is authorized to see that web.
 
  • If you enable view restriction for a web, it is recommended to restrict search "all webs" from searching this web. Enable this restriction with the NOSEARCHALL variable in its WebPreferences, like:
    • Set NOSEARCHALL = on
  • It is not recommended to restrict view access to individual topics since all content is searchable within a web.
Deleted:
<
<
  • The view restriction is not suitable for very sensitive content since there is a way to circumvent the read access restriction.
 
Changed:
<
<

The SuperAdminGroup

>
>

The SuperAdminGroup

  The above schema can lock completely a topic in case of a typing error of the ALLOWTOPICCHANGE setting (see UnchangeableTopicBug). To avoid this:
  • set the $superAdminGroup variable in TWiki.cfg to the name of a group of users that are always allowed to edit/view topics. E.g.:
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiAccessControl.