This question about Authentication or Authorisation: Closed unanswered
I want to set up an internal foswiki to which only authorized users have access to and can view/edit the contents
I want to set up an internal foswiki to which only authorized users have access to and can view/edit the contents. One way of doing this is to modify the .htaccess file for the folder and generate as many as authorized users. But that is not very secure, so I don't want to use it
Is there any way to do this in Foswiki.
- 31 Jul 2010
Take a look at the System.AccessControl
topic in your installation. Especially ManagingGroups
Create a new group called TrustedGroup
- this group will contain a list of users that you trust.
Use the following in your Main.SitePreferences
(or just on the WebPreferences
topic in each web that you want secured):
* Set ALLOWTOPICVIEW = Main.TrustedGroup
* Set ALLOWTOPICCHANGE = Main.TrustedGroup
If you'd rather let any
authenticated user access/edit your wiki withou maintaining a TrustedGroup, use this:
* Set DENYTOPICVIEW = Main.WikiGuest
* Set DENYTOPICCHANGE = Main.WikiGuest
- 02 Aug 2010
Following up our conversation on IRC #foswiki, I'd like to comment that (according to our discussion in the chat) SitePreferences
does not export/override access control rights. Therefore, it cannot serve for settting default rights for all webs. One rather has to define them separately in each web's WebPreference
Please comment if I understood this correctly and if any change to that behaviour is planned. If no change to this behaviour is planned, this answer as well as Foswiki's documentation should be updated.
- 16 Nov 2010