Page Permissions
Table of contents
Overview
The 'restriction access' dialog allows page permissions to be managed through a combination of restrictions and grants. Simply put, restrictions remove rights, while grants add rights. This manifests in UI form:
Restrictions
The use of restrictions allow a page or an entire directory of pages to be limited in terms of what users or groups of users can read them and who can edit them.
Currently there are three modes of operation:
- Public: All users can read and edit
- Semi-Public: All users can read, but only selected users and groups can edit
- Private: Only selected users and groups can read and edit
Grants
Grants are given to users or groups to allow read and/or write access to a page that isn't 'public'.
- A grant explicitly allows specific users or a groups of users to perform various actions to pages such as the ability to read or/and write.
- For example, a page restricted as private can have grants given to specific users or groups that would allow the page to be read and edited. In this case, only the users with the grants have access to the page.
- Group permissioning is supported with external groups - these groups appear prefixed with "»" to differentiate them from users in both the autocompletion and in the grant list
Special Use Cases
- An administrator always have access to a restricted page
- Other users (including administrators) may not restrict pages in your User: namespace
Features
- Restriction actions may only be applied to pages where the restrictor has changepermission access
- Restrictions can optionally apply recursively to all descendants of a page, even children of pages the restrictor does not have access to
Behavior when applying permissions recursively
Short Technical Explanation
When a restriction operation is executed, the delta of the grant list on the initial page is propagated (and is cascaded down to the children if necessary). The restriction overwrites itself on any child page which the user has write access to.
Case 1: Simple Restriction
Bob goes to the "Restrict Access" dialog from Page A and sets the restriction to Private from Public, selecting only user Bob:
Result: All children of page A are now Private only to Bob.
Case 2: Restriction a page with children that are not accessible
In this case, Page C and Page E were restricted to Private by Jane, with Jane being the only user able to read or write to these pages. Bob then comes along and sets Page A to Private for himself.
Result: Page D, which was a public page, is also made Private to Bob, but Page C and Page E are still restricted to Private for Jane; Bob does not have access to Page C or Page E.
Case 3: Restricting a page with a child of a different restriction type
In this case, Page C was restricted to Semi-Public by Jane, and Bob was added as a users who can write to this page. Bob then wants to restrict Page A to Private for himself.
Result: Both Pages C, Pages D and Page E are now restricted to Private for Bob, but Jane still has access to Page C (her grant was not removed).
- Tag page
- What links here
Files 4
Copyright © 2011 MindTouch, Inc. Powered by