This question about Authentication or Authorisation: Closed unanswered
I want to set up an internal foswiki to which only authorized users have access to and can view/edit the contents
I want to set up an internal foswiki to which only authorized users have access to and can view/edit the contents. One way of doing this is to modify the .htaccess file for the folder and generate as many as authorized users. But that is not very secure, so I don't want to use it
Is there any way to do this in Foswiki.
--
AbhishekGupta - 31 Jul 2010
Take a look at the
System.AccessControl topic in your installation. Especially
ManagingGroups
Create a new group called
TrustedGroup - this group will contain a list of users that you trust.
Use the following in your
Main.SitePreferences (or just on the
WebPreferences topic in each web that you want secured):
* Set ALLOWTOPICVIEW = Main.TrustedGroup
* Set ALLOWTOPICCHANGE = Main.TrustedGroup
If you'd rather let
any authenticated user access/edit your wiki withou maintaining a TrustedGroup, use this:
* Set DENYTOPICVIEW = Main.WikiGuest
* Set DENYTOPICCHANGE = Main.WikiGuest
--
PaulHarvey - 02 Aug 2010
Following up our conversation on IRC #foswiki, I'd like to comment that (according to our discussion in the chat)
SitePreferences does not export/override access control rights. Therefore, it cannot serve for settting default rights for all webs. One rather has to define them separately in each web's
WebPreference.
Please comment if I understood this correctly and if any change to that behaviour is planned. If no change to this behaviour is planned, this answer as well as Foswiki's documentation should be updated.
Thanks.
--
AndreasKeil - 16 Nov 2010