TWiki Access Control

Controlling access on the SIte level

  • To edit a topic a user will be asked to login using the CERN account
  • Most TWiki transactions will require authentication except views on public pages.

Controlling access to a Web

We administrators can define restrictions on who is allowed to view or edit inside a TWiki web.
For ACLs you can use TWikiUsers, TWikiGroups and egroups. However egroups is the preferred and CERN supported method.

  • We administrators can define these settings in the WebPreferences topic, preferable towards the end of the topic:
    • Set DENYWEBVIEW = < comma-delimited list of Users and Groups >
    • Set ALLOWWEBVIEW = < comma-delimited list of Users and Groups >
    • Set DENYWEBCHANGE = < comma-delimited list of Users and Groups >
    • Set ALLOWWEBCHANGE = < comma-delimited list of Users and Groups >
    • Set DENYWEBRENAME = < comma-delimited list of Users and Groups >
    • Set ALLOWWEBRENAME = < comma-delimited list of Users and Groups >

  • All new TWiki webs at CERN are created with the following settings:
    • Set DENYWEBVIEW = TWikiGuest
    • Set ALLOWWEBVIEW =
    • Set DENYWEBCHANGE = TWikiGuest
    • Set ALLOWWEBCHANGE = TWikiAdminGroup
    • Set DENYWEBRENAME = TWikiGuest
    • Set ALLOWWEBRENAME =

  • The web administrators are responsible for these settings.

Controlling access to a Topic

  • Users can define these settings in any topic, preferable towards the end of the topic:
    • Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >
    • Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >
    • Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >

  • For example, set this to restrict a topic to be viewable only by the user JohnDoe:
    • Set ALLOWTOPICVIEW =  Main.JohnDoe
  • You may want to completely open up access to a specific topic within a restricted web - allowing access by anybody. There is a special group for that - AllUsersGroup. The following setting allows view access to the topic by anybody even if they are not authenticated.
  • Alternatively, you can grant access only to authenticated users by AllAuthUsersGroup. If an unauthenticated user accesses a topic having the following setting, they are asked to authenticate themself.

For more details information see TWikiAccessControl

PeterJones - 2016-11-18

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2020-04-20 - PeterJones
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback