Page Translation

There are no translations of this page.

Contents

What do you think?

What do you think of this project?




View Results
(Votes: 816)

"I've just installed tikiwiki on my server and I'm following this guide, and I find it useful."
Is Smarties helpful?

Become a Fan

Become a fan.
http://facebook.com/twbasics
Become a fan.

Smart Tweets

Smart Readers



Advertising




Say what?
Print Send a link
Share

TOC Smarties  Next  Using Advanced Features  Next  Using Permissions  Next  How Permissions Work
Previous page Parent page Next page


How Tiki's Permissions Work

It is important to understand that Tiki uses several types of permissions:
  • Group permissions: This is also called global permission. Each site visitor belongs to a Group (such as Anonymous or Registered). The permissions you assign to the group define the global permissions for that user.
  • Category permissions: These permissions define the actions that users can take for objects in a specific category.
  • Object permissions: These permissions define the actions that user can take for an individual object.

Permissions are inherited from from the top-down, but override from the bottom-up.
Figure: This image illustrates the relationship among Group, Category, and Object permissions.
The relationship of Group-Category-Object permissions


Tiki's permissions model may be very complex... but it is also very customizable.

TipTip:
Starting in Release 4.0, Tiki has a dramatically different (and friendlier) method of assigning permissions.

Release 4.x Release 3.x, 2.x

Permissions Example

Consider the following example for a company using Tik:
You have the groups:
  • Anonymous
  • Employees
  • Board of Directors
Figure: The Groups for ABC Company
Listing Groups page


Notice that some groups include other groups. For example, members of the Board of Directors group will include, in addition to their own permissions, the permissions from the Employees, Registered, and Anonymous groups.

You have the categories:
  • Financial Information
  • Press Releases

You want to give:
  • Everyone permission to read most pages
  • Employees permission to edit most wiki pages
  • Board Members only, access to the company's financial information.


Global (Group) Permissions

First, you need to define the global permissions for each group.
Figure: Defining the Global permissions for each group.
Global Permissions


Anonymous

  • To let the general public (that is, anonymous visitors) view wiki pages, assign tiki_p_view to Anonymous.


Employees

  • The Employee group includes the Anonymous group (that is, everyone) and Registered group (that is, users who are logged in). Therefore, the Employee group inherits the tiki_p_view permission from these groups.
  • To let employees edit pages, assign tiki_p_edit to Employees.


Board of Directors

  • The Board of Directors group includes the Anonymous, Registered, and Employees groups. Therefore, the Board of Directors group inherits the tiki_p_view and tiki_p_edit permission from these groups.
    This group does not require any additional permissions.


Category Permissions

Now that the Global permissions are set, you need to adjust the permissions for each category. These settings will override the Global permissions.


Press Releases

Currently, Anonymous can view press releases, and Employees can edit them (as defined by the Global permissions). To allow only the Board of Directors to edit press releases, you must assign permissions to the category. This will override the default group (global) permissions:
  • For the Press Releases category, remove tiki_p_edit from Employee. Now only the Board of Directors group can edit wiki pages in the category.
  • Anonymous visitors (and all groups that inherit the Anonymous group's permissions) can still view the pages.
Figure: Defining the Category permissions for the Press Releases catgeory.
Category Permissions



Financial Information

Currently, Anonymous can view Financial Information, and Employees can edit them. But we want only the Board of Directors to have access (both view and edit) to these pages. You'll need to make the same adjustments to the Financial Information category's permissions:
  • Remove tiki_p_edit from Employee. Now only the Board of Directors group can edit wiki pages in the category.
  • Remove tiki_p_view from Employee, Registered, and Anonymous. Now only the Board of Directors can see the pages.


Object Permissions

But what if you want one item in the Financial Information category, to be visible to the public? You can override all other permissions, by assigning specific permissions to the object itself. For example, the ABC Company may have a public disclosure form, issued by the government, that it needs to make public (but that only the government can change or update):
  • For the individual item, remove tiki_p_edit from the Employee and Board of Directors group. Since this form is issued by the government, no one should be able to change it.
  • Anonymous visitors (and all groups that inherit the Anonymous group's permissions) can still view the pages.
Figure: Assigning object-specific permissions to the PublicDisclosure page.
Object Permissions




Previous page Parent page Next page
Contributors to this page: Rick Sapir... and 501 readers.
Page last modified on Thursday, February 04, 2010 08:00:52 am EST by Rick Sapir.
The content on this page is licensed under the terms of the Creative Commons Attribution-Share Alike 3.0 License.  
KeyContent.org logo. Published by KeyContent.org.
Print Send a link
Share