Table of Contents
Groups and Access Control
Overall Philosophy
Security is important with anything attached to the Internet.
This wiki is set up so that most of the information is viewable by the public. If it's really sensitive information, it should not be posted on the website.
We also want to make this easy to maintain, so we allow any SVCT volunteer to sign in and add to or update information as needed. Wikipedia has used this model since its inception, with good results. Obviously, not everyone can be trusted to behave themselves, but most people can and this website is easy to roll back, if needed.
We control all this thru user Groups and Access Control.
User Groups
Access is controlled by what Group a user belongs to. There are 4 groups currently set up.
| Group Name | Access |
|---|---|
| user | This is the default assigned to all new volunteers. It allows read and edit access to pretty much everything in the wiki. |
| readonly | SVCT volunteers can be assigned to this group if they've shown that they cannot behave themselves. They can view anything a user can, but cannot change anything. |
| cleaner | In addition to user level access, it allows the person to do mass reverts in case someone tried to really trash the wiki. We will probably never use this group name. |
| admin | Being in this group gives you unlimited access to all parts of the wiki, including adding and deleting users. Restricted to only a few people. |
| @ALL | Not a group name, but this is used below to indicate anyone accessing the website, signed in or not. |
Under normal circumstances, users are assigned to the user group when they are added. Users who misbehave can be assigned to the readonly group.
Group names are case sensitive!
Access Control
The Admin > Access Control List Management page controls who can access what. You can get all the gory details on how this works in the DokuWiki manual. Unless you really know what you're doing, please don't change anything.
For our installation, access control is pretty simple. Users in the admin group are superusers and can access anything on the wiki. Therefore, admin is not listed in Access Control. For the other groups, access is currently set up as follows:
| Page/Namespace | what it means | What type of access is allowed by Group |
|---|---|---|
| * | any page on the website not spelled out below | Visitors not signed in (i.e., @ALL) have read access. readonly has read access. cleaner and user have full edit access. |
| faqs_how_tos:about_this_wiki:admin:* | the Admin Only Notes namespace | No group has access, except for admin superusers. |
| people:* | the People namespace | Visitors not signed in (@ALL) have no access. readonly has read access. cleaner and user have full edit access. |
| playground:* | the Playground namespace where people can try out wiki editing without damaging anything important | cleaner and user have full edit access. Everyone else has no access. |
| Admin (the administration pages) | Fully accessible by admin superusers. Very limited access by cleaner group. Everyone else has no access. Controlled by the Configuration Manager settings. |
|
| If you make any changes to Access Control, please update this table too. | ||
WARNING!
If you change page file names (usually using the Move plugin), MAKE SURE that the Access Control is still working as expected!