Also available in ((../Deutsch/Zugriffssteuerung Deutsch)), ((../Español/ControlAcceso Español)), ((../Français/GestionDesDroits Française)), ((../Русский/ПраваДоступа Русский)), ((../Polski/PrawaDostępu Polski)), ((../简体中文/访问控制表 简体中文))
{{toc numerate=1}}
===Access rights===
Every page has five access control lists (ACLs), ##read##, ##write##, ##comment##, ##create## and ##upload##, which can be modified by the page owner (usually the user who created the page). ##read## defines who is allowed to view the page, ##write## defines who is allowed to edit it, and ##comment## defines who is allowed to attach comments.
All ACLs are plain text lists containing a number of user names or the ##*## placeholder representing "everyone". Entries can be inverted by appending them with an exclamation mark. For example, while ##*## means "everybody has access", ##!*## means "nobody has access". The exclamation mark modifier works with user names, too, of course.
An empty list implies "nobody has access". For example, if the ##write## ACL only contains the line ##""SomeGuy""##, only the ""SomeGuy"" user has access, but no one else. If it contains a line with ##*## and another line with ##""!SomeGuy""##, it means everybody has access //except// ""SomeGuy"".
The ##read##, ##write##, ##comment##, ##create## and ##upload## ACLs are available for every page on the site; Custom page handlers can introduce extra ACLs as needed.
In WackoWiki you can edit the ACL for every page.
an ACL consists of the following permissions
* **read**
* **write**
* **comment**
* **create**
* **upload**
%%(info type="note")
The values for each permission are:
#|
|| ##""*""## | everyone is allowed ||
|| ##$## | only registered users ||
|| ##!## | a preceding exclamation mark denies the respective right ||
|| ##[UserName]## | names of allowed users ||
|| ##[GroupName]## | names of allowed usergroup (alias) ||
|| ##(an empty list)## | only the page owner has access ||
|#
%%
file:/permissions_handler.png
===Inheritance===
Access rights are inherited. In other words, if you create a new page below an existing (i.e. a child page), this new page will have the same access rights as the parent document for it. Inheritance happens when you create a page, and in consequence the rights of the child or the parent documents can be changed without detriment to each other.
One exception to the inheritance rules is the right to edit the document, which is inherited from the ACL on the creation of sub-pages. That is, for example, if you create sub-pages below this can only Boris and Anna, then, by creating sub-pages, only they will be able to edit it.
===Groups ===
Groups can be administered via the ((/Doc/English/AdminPanel Admin panel)).
file:/ap_groups_en.png
WackoWiki supports groups of users (aliases). Only site administrator can create and edit aliases.
Names of aliases are case independent.
Alias **Admins** is special. All of its members are admins, and, for example, can delete or rename any page.
===Defaults===
After installing the default value for every action is set as defined in config_default.php.
To change the default ACL settings, go to the Settings -> Permissions section in the **((/Doc/English/AdminPanel Admin panel))**.
file:/ap_permissions_en.png
The defaults are stored in ##((Configuration Secondary Config))##:
1. ##default_read_acl##
1. ##default_write_acl##
1. ##default_comment_acl##
1. ##default_create_acl##
1. ##default_upload_acl##
eg: if you want only registered users to be able to edit a page change the default values to:
%%
'default_read_acl' => '*',
'default_write_acl' => '$',
'default_comment_acl' => '$',
'default_create_acl' => '$',
'default_upload_acl' => 'Admins',%%
%%(info type="important" title="Note")
!!Changing the defaults will only affect new created pages.!!
Pages which were created before changing the defaults will keep their original ACL.
%%
If you want to change all acls you could do it with a simple sql query:
%%(sql)UPDATE wacko_acl SET list = '$' WHERE privilege = 'write';%%
If some of the acl's have been set to specific users, it will be better to only update those pages where write privileges are currently set to 'allow all'
%%(sql) UPDATE wacko_acl SET list = '$' WHERE privilege = 'write' AND list = '*'; %%
For comments:
%%(sql) UPDATE wacko_acl SET list = '$' WHERE privilege = 'comment' AND list = '*'; %%
++Note that the prefix ##wacko_## may need to be replaced by the current one in your wiki.++
%%(info type="warning" title="Attention:")
The page **((/Login Login))** must always be set to ##*## for **Read**, otherwise it is no longer possible to log in to the wiki.
%%
===Modi===
====Protective measures====
* Only assign rights that are really necessary.
* Security settings
====Use====
Wiki -> Cluster -> Page
{{include page="!/Modi"}}