Difference between revisions of "Manual:Extension/BlueSpicePermissionManager"

[unchecked revision]

[quality revision]

Revision as of 13:36, 8 July 2019 (view source)

Fbaeckmann (talk | contribs)

m

(Tag: 2017 source edit)

← Older edit

Revision as of 16:14, 31 October 2019 (view source)

Mlink-rodrigue (talk | contribs)

m

(Tag: Visual edit)

Newer edit →

What is BlueSpicePermissionManager?Access to the permission manager[edit | edit source]

BlueSpicePermissionManager offers easy and user-friendy way to manage user permissions on the wiki.

Where to find BlueSpicePermissionManager[edit | edit source]

BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to Special:PermissionManager

Using the BlueSpicePermissionManager[edit | edit source]

The role system To manage permissions, the extension BlueSpicePermissionManager provides the administrator interface. It is located under Global actions > Management > Permisison manager. This links to the page Special:PermissionManager:

Role-based permissions[edit | edit source]

Since In BlueSpice version 3.0 , roles , were introduced as a way to manage wiki rights, are introduced . The main intention of using roles is to simplify rights management and make it more straigh-forward.

Roles represent a collection of individual permissions that are necessary to perform certain function on the wiki. For example, for a user who is supposed to only to be able to read the wiki, many permissions in addition to the "read" permissions permission are needed, like : the ability to change their own settings, be able to search the wiki, to view page ratings... All those , and so on.

All permissions that make up a logical group , are encapsulated to in a role, in this example to the role "reader". This way, if If wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group the "reader" role, instead of assigning tens of different rights, which would such user group require.

Other functions on the wiki would also rights required for them encapsulated in a role.

By assigning role many individual rights.

By assigning roles to a group, all users belonging to that group will receive the rights contained in the role. BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions. these roles. Roles are not assigned directly to users, but to groups instead. Users are then assigned to one or more groups.

Default roles[edit | edit source]

By default, BlueSpicePermissionManager offers includes a number of pre-defined roles that are created to serve most of the user needs on the wiki. The individual permissions contained in a role can be seen by clicking the info icon in front of the role name. It opens a dialog with a permissions list for the role:

bot - role that should be typically assigned only to the "bot" group.
admin - role that contains all available rights, and . It should be assigned only to wiki-admin groups.
maintenanceadmin - very similar to "the admin" role, used for user groups that are responsible for maintaining wiki integrity
author - this role contains all permissions necessary for creating content on the wiki.
editor - role meant for user groups that are able to not only create own content, but to edit and delete content, create reviews and delete all content of the wik
reviewer - role that allows users to perform all reviewing actions on the wiki
accountmanager - role means for users that will manage user accountsuser account management rights
structuremanager - this role allows users to manage the structure of the wiki - move (rename) pages, create and delete namespaces...
reader - role that allows basic read-only access to the wiki
accountselfcreate - this role must be assinged to the "*" groups , in order to allow users to self-create user accounts by themselves
commenter - role for users that cannot create and edit content, but can only comment on the existing content

Layout of BlueSpicePermissionManager

The roles matrix[edit | edit source]

Adding namespaces to the role matrix

BlueSpicePermissionManager consists of:

the group tree on the left - showing all the groups available on the wiki in the hierarchy. The permission manager consists of the group tree (1) and the role matrix (2):

The group tree (on the left) shows all existing groups:

Group "*" - : all non-logged-in users (anonymous) users belong to this group
Group "user" - : all logged-in users belong to this group. This is , the default group for all users on the wiki, every user belongs to this group by default
Subgroups of group "user" - : all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking the "Show system groups" checkbox above the tree.
Role matrix - table showing namespaces in columns and roles in rows

Role matrix[edit | edit source]

Viewing permissions contained in a role

The columns in the role matrix are:

Role information column - represented by an (info icon. ): Clicking on this icon opens a dialog listing the icon shows all the permissions contained in a particular role. The list shows permission names and short description. This list is exportable.
Role name
"Wiki" column - this column represents assignment Wiki: Assignment of a role to the entire wiki. By assigning the role in this column, a user group will receive gets permissions in the this role everywhere on the wiki (all namespaces).
Individual namespaces - Following columns represent : The following columns list every (applicable) namespace on the wiki.
- Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespacesindividual namespaces. For example, the group user can get the editor role only in the namespace Public. Users in this group cannot edit content in any other . By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
- Same The same role can be granted to multiple groups for the same namespace.
- Which namespace will appear Additional namespaces can be added in the matrix can be controlled by adding column to the grid, by clicking on the arrow in table header, then "Columns" and selecting desired columns.. Then the namespaces can be selected.

Role inheritance[edit | edit source]

By default, all roles granted to "the (*" ) group will be granted to "the user" group, and all roles granted to "the user" group will be granted to all of the groups that are a sub-group of the group "user"are granted to its subgroups. If a group inherits the role from an upper-level group field, this is indicated in the role matrix will be shown in greenwith a green background, but the checkbox won't be checkedis empty.

Technical[edit | edit source]

Logging[edit | edit source]

Every change to the roles is logged in the MediaWiki log book, found under Special:Log under Permission Manager log type. These logs are availble only to wiki administrators (users in groups that have "admin" role grantedwith the role admin).

Backups[edit | edit source]

All changes to the role matrix is are backed - up. By default, the last 5 backups are being kept. This limit can be changed in BlueSpiceConfigManager, under configs for the extension BlueSpicePermissionManager.

See also[edit | edit source]

Reference page for this extension.

<bs:bookshelf src="Book:User manual" />
            
            
            
            __TOC__
            
            
            
            ==What is BlueSpicePermissionManager?==
            
            
            
            '''BlueSpicePermissionManager''' offers easy and user-friendy way to manage user permissions on the wiki.
            
            
            
            ==Where to find BlueSpicePermissionManager==
            
            [[File:PermissionManager1a.png|thumb]]
            
            
            
            BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to{{DISPLAYTITLE:Managing permissions}}
            
            
            <bs:bookshelf src="Book:User manual" />
            
            
            
            __TOC__
            
            
            
            ==Access to the permission manager==
            
            To manage permissions, the extension '''BlueSpicePermissionManager''' provides the administrator interface. It is located under ''Global actions > Management > Permisison manager''. This links to the page <code>Special:PermissionManager</code>
            
            {{Clear}}
            
            
            
            ==Using the BlueSpicePermissionManager==
            
            ===The role system===
            
            Since :<br />[[File:PermissionManager1a.png|alt=Screenshot: Permission manager|border|center|650x650px]]
            
            
            
            
            <br />
            
            ==Role-based permissions==
            
            In BlueSpice version 3.0, roles,  were introduced as a way to manage wiki rights, are introduced.
        
        The main intention of using roles is to simplify rights management and make it more straigh-forward.
            
            Roles represent a .
            
            
            
            Roles represent a '''collection of individual permissions''' that are necessary to perform certain function on the wiki. For example, for a user who is supposed only to be able to only read the wiki, many permissions in addition to the "read" permissionspermission are needed, like: the ability to change their own settings, be able  to search the wiki, to view page ratings...
            
            All those permissions that make a logical group, are encapsulated to, and so on.
            
            
            
            All permissions that make up a logical group are encapsulated in a role, in this example to the role "reader".
        
        
        This way, if If wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group the "reader" role, instead of assigning tens of different rights, which would such user group require.
            
            
            
            Other functions on the wiki would also rights required for them encapsulated in a role.
            
            
            
            By assigning rolemany individual rights.
            
            
            
            By assigning roles to a group, all users belonging to that group will receive the rights contained in the role.
            
            
            
            BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions.
            
            
            
            ====Default roles====
            
            By default BlueSpicePermissionManager offersthese roles. Roles are not assigned directly to users, but to groups instead. Users are then assigned to one or more groups.
            
            
            
            ===Default roles===
            
            By default, BlueSpicePermissionManager includes a number of pre-defined roles that are created to serve most of the user needs on the wiki:
            
            * '''bot '''- role that should be serve most user needs on the wiki. The individual permissions contained in a role can be seen by clicking the info icon in front of the role  name. It opens a dialog with a permissions list for the role:
            
            [[File:bot-permissions.png|alt=Screenshot: bot permissions|center|650x650px]]
            
            
            <br />
            
            
            
            *'''bot '''- typically assigned only to the "''bot"'' group.
            
            * 
            
            *'''admin '''- role that contains all available rights, and. It should be assigned only to wiki-admin groups.
            
            * 
            
            *'''maintenanceadmin '''- very similar to "the ''admin"'' role, used for user groups that are responsible for maintaining wiki integrity
        
        * '''author '''- this role contains all permissions necessary for creating content on the wiki.
            
            * 
            
            *'''editor '''- role meant for user groups that are able to not only create own content, but to edit, create reviews and delete all content of the wik
            
            * '''reviewer '''- role that allows users to perform all reviewing actions on the wiki
            
            * '''accountmanager '''- role means for users that will manage user accounts
            
            * '''structuremanager '''- this role allows users to manage the structure of the wiki - create content, edit and delete content, create reviews
            
            *'''reviewer '''- all reviewing actions
            
            *'''accountmanager '''- user account management rights
            
            *'''structuremanager '''- move (rename) pages, create and delete namespaces...
            
            * '''reader''' - role that allows  
            
            *'''reader''' - basic read-only access
        
        
        to the wiki
            
            * *'''accountselfcreate '''- this role must be assinged to the "*" groups, in order  to allow users to self-create user accounts
        
        
        by themselves
            
            * '''commenter '''- role for users that *'''commenter '''- cannot create and edit content, but can only comment on the existing content
        
        
        
        ===Layout of BlueSpicePermissionManager===
            
            [[File:PermissionManager2a.png|thumb|The roles matrix==
            
            The permission manager consists of the group tree (1) and the role matrix (2):<br />[[File:PermissionManager2a.png|Adding namespaces to the role matrix]]
            
            BlueSpicePermissionManager consists of:
            
            * the group tree on the left - showing all the groups available on the wiki in the hierarchy. 
            
            ** Group "*" - |alt=Screenshot: permissions manager areas|border|center|650x650px]]
            
            
            
            
            
            The '''group tree''' (on the left)  shows all existing groups:
            
            
            
            *'''Group "*":''' all non-logged-in users (anonymous) users belong to this group
            
            ** Group "user" - 
            
            *'''Group "user":''' all logged-in users belong to this group. This is , the default group for all users
        
        
        on the wiki, every user belongs to this group by default
            
            ** *'''Subgroups of group "user" - :''' all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking the "Show system groups" checkbox above the tree.
        
        
        * Role matrix - table showing namespaces in columns and roles in rows
            
            
            
            ===Role matrix===
            
            [[File:PermissionManager3a.png|thumb|Viewing permissions contained in a role]]
            
            
        
            
            
            
            
        The columns in the '''role matrix''' are:
        
        
        * 
            
            *'''Role information column - represented by an info icon. Clicking on this icon opens a dialog listing all the permissions contained in a particular role. The list shows permission names and short description. ''' (info icon): Clicking the icon shows all the permissions  in a role. This list is exportable.
        
        * '''Role name
            
            * "Wiki" column - this column represents assignment '''
            
            *'''Wiki:''' Assignment of a role to the entire wiki. By assigning the role in this column, a user group will receive gets permissions in thethis role everywhere on the wiki (all namespaces).
        
        * '''Individual namespaces - Following columns represent:''' The following columns list every (applicable) namespace on the wiki.
        
        ** Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespacesindividual namespaces. For example, the group ''user'' can get the ''editor'' role only in the namespace ''Public. Users in this group cannot edit content in any other'' . By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
        
        ** SameThe same role can be granted to multiple groups for the same namespace.
        
        ** Which namespace will appearAdditional namespaces can be added in the matrix can be controlled by adding column to the grid, by by clicking on the arrow in table header, then "Columns" and selecting desired columns. Then the namespaces can be selected.
        
        
        
        ===Role inheritance===
        
        By default, all roles granted to "*"the (*) group will be granted to "the ''user"'' group, and all roles granted to "the ''user"'' group will be are granted to all of the groups that are a sub-group of the group "user"its subgroups.
        
        If a group inherits the role from an upper-level group field , this is indicated in the role matrix will be shown in greenwith a green background, but the checkbox won't be checkedis empty.
        
        
        
        ==Technical==
        
        ===Logging===
        
        Every change to the roles is logged in the MediaWiki log book, found under <code>Special:Log</code> under <code> Permission Manager log</code> type.
        
        These logs are availble only to wiki administrators (users in groups that have "admin" role granted).
            
            === Backups ===
            
            All changes to role matrix is backed-up. By default, with the role ''admin'').
            
            ===Backups===
            
            All changes to the role matrix  are backed up. By default, the last 5 backups are being kept. This limit can be changed in [[Manual:Extension/BlueSpiceConfigManager|BlueSpiceConfigManager]], under configs for the extension BlueSpicePermissionManager.
        
        
        
            
            
            
            
        ==See also==
        
        [[Reference:PermissionManager|Reference page]] for this extension.
        
        
        
        {{Translation}}

@@ Line 1: / Line 1: @@
+{{DISPLAYTITLE:Managing permissions}}
 <bs:bookshelf src="Book:User manual" />
 __TOC__
-==What is BlueSpicePermissionManager?==
+==Access to the permission manager==
+To manage permissions, the extension '''BlueSpicePermissionManager''' provides the administrator interface. It is located under ''Global actions > Management > Permisison manager''. This links to the page <code>Special:PermissionManager</code>:<br />[[File:PermissionManager1a.png|alt=Screenshot: Permission manager|border|center|650x650px]]
-'''BlueSpicePermissionManager''' offers easy and user-friendy way to manage user permissions on the wiki.
+<br />
+==Role-based permissions==
+In BlueSpice version 3.0 roles were introduced as a way to manage wiki rights, .
+The main intention of using roles is to simplify rights management.
-==Where to find BlueSpicePermissionManager==
+Roles represent a '''collection of individual permissions''' that are necessary to perform certain function on the wiki. For example, for a user who is supposed to only read the wiki, many permissions in addition to the "read" permission are needed: the ability to change their own settings,  to search the wiki, to view page ratings, and so on.
-[[File:PermissionManager1a.png|thumb]]
-BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to <code>Special:PermissionManager</code>
+All permissions that make up a logical group are encapsulated in a role, in this example the role "reader".
-{{Clear}}
+If wiki admins want to grant read-only rights to a user group, they only need to assign that group the "reader" role, instead of assigning many individual rights.
-==Using the BlueSpicePermissionManager==
+By assigning roles to a group, all users belonging to that group will receive the rights contained in these roles. Roles are not assigned directly to users, but to groups instead. Users are then assigned to one or more groups.
-===The role system===
-Since BlueSpice version 3.0, roles, as a way to manage wiki rights, are introduced.
-The main intention of using roles is to simplify rights management and make it more straigh-forward.
-Roles represent a collection of individual permissions that are necessary to perform certain function on the wiki. For example, for a user who is supposed only to be able to read the wiki, many permissions in addition to the "read" permissions are needed, like ability to change own settings, be able to search the wiki, view page ratings...
-All those permissions that make a logical group, are encapsulated to a role, in this example to the role "reader".
-This way, if wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group "reader" role, instead of assigning tens of different rights, which would such user group require.
-Other functions on the wiki would also rights required for them encapsulated in a role.
+===Default roles===
+By default, BlueSpicePermissionManager includes a number of pre-defined roles that serve most user needs on the wiki. The individual permissions contained in a role can be seen by clicking the info icon in front of the role  name. It opens a dialog with a permissions list for the role:
+[[File:bot-permissions.png|alt=Screenshot: bot permissions|center|650x650px]]
+<br />
-By assigning role to a group, all users belonging to that group will receive rights contained in the role.
+*'''bot '''- typically assigned only to the ''bot'' group
+*'''admin '''- all available rights. It should be assigned only to wiki-admin groups
+*'''maintenanceadmin '''- very similar to the ''admin'' role, used for user groups that are responsible for maintaining wiki integrity
+*'''author '''- all permissions necessary for creating content on the wiki
+*'''editor '''- create content, edit and delete content, create reviews
+*'''reviewer '''- all reviewing actions
+*'''accountmanager '''- user account management rights
+*'''structuremanager '''- move (rename) pages, create and delete namespaces
+*'''reader''' - basic read-only access
+*'''accountselfcreate '''- this role must be assinged to the "*" groups to allow users to self-create user accounts
+*'''commenter '''- cannot create and edit content, can only comment on existing content
-BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions.
+==The roles matrix==
+The permission manager consists of the group tree (1) and the role matrix (2):<br />[[File:PermissionManager2a.png|Adding namespaces to the role matrix|alt=Screenshot: permissions manager areas|border|center|650x650px]]
-====Default roles====
-By default BlueSpicePermissionManager offers a number of pre-defined roles that are created to serve most of the user needs on the wiki:
-* '''bot '''- role that should be typically assigned only to the "bot" group.
-* '''admin '''- role that contains all available rights, and should be assigned only to wiki-admin groups.
-* '''maintenanceadmin '''- very similar to "admin" role, used for user groups that are responsible for maintaining wiki integrity
-* '''author '''- this role contains all permissions necessary for creating content on the wiki.
-* '''editor '''- role meant for user groups that are able to not only create own content, but to edit, create reviews and delete all content of the wik
-* '''reviewer '''- role that allows users to perform all reviewing actions on the wiki
-* '''accountmanager '''- role means for users that will manage user accounts
-* '''structuremanager '''- this role allows users to manage the structure of the wiki - move (rename) pages, create and delete namespaces...
-* '''reader''' - role that allows basic read-only access to the wiki
-* '''accountselfcreate '''- this role must be assinged to the "*" groups, in order to allow users to create user accounts by themselves
-* '''commenter '''- role for users that cannot create and edit content, but can comment on the existing content
-===Layout of BlueSpicePermissionManager===
+The '''group tree''' (on the left)  shows all existing groups:
-[[File:PermissionManager2a.png|thumb|Adding namespaces to the role matrix]]
-BlueSpicePermissionManager consists of:
-* the group tree on the left - showing all the groups available on the wiki in the hierarchy.
-** Group "*" - all non-logged-in users (anonymous) users belong to this group
-** Group "user" - all logged-in users belong to this group. This is the default group for all users on the wiki, every user belongs to this group by default
-** Subgroups of group "user" - all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking "Show system groups" checkbox above the tree.
-* Role matrix - table showing namespaces in columns and roles in rows
-===Role matrix===
+*'''Group "*":''' all non-logged-in (anonymous) users
-[[File:PermissionManager3a.png|thumb|Viewing permissions contained in a role]]
+*'''Group "user":''' all logged-in users, the default group for all users
-The columns in the role matrix are:
+*'''Subgroups of group "user":''' all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking the "Show system groups" checkbox above the tree.
-* Role information column - represented by an info icon. Clicking on this icon opens a dialog listing all the permissions contained in a particular role. The list shows permission names and short description. This list is exportable.
-* Role name
-* "Wiki" column - this column represents assignment of a role to the entire wiki. By assigning the role in this column, user group will receive permissions in the role everywhere on the wiki (all namespaces).
+The columns in the '''role matrix''' are:
-* Individual namespaces - Following columns represent every (applicable) namespace on the wiki.
-** Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespaces. By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
+*'''Role information''' (info icon): Clicking the icon shows all the permissions  in a role. This list is exportable.
-** Same role can be granted to multiple groups for the same namespace.
+*'''Role name'''
-** Which namespace will appear in the matrix can be controlled by adding column to the grid, by clicking on the arrow in table header, then "Columns" and selecting desired columns.
+*'''Wiki:''' Assignment of a role to the entire wiki. By assigning the role in this column, a user group gets permissions in this role on the wiki (all namespaces).
+*'''Individual namespaces:''' The following columns list every (applicable) namespace on the wiki.
+**Roles can be assigned to individual namespaces. For example, the group ''user'' can get the ''editor'' role only in the namespace ''Public. Users in this group cannot edit content in any other'' . By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
+**The same role can be granted to multiple groups for the same namespace.
+**Additional namespaces can be added in the matrix by clicking on the arrow in table header, then "Columns". Then the namespaces can be selected.
 ===Role inheritance===
-By default, all roles granted to "*" group will be granted to "user" group, and all roles granted to "user" group will be granted to all of the groups that are a sub-group of the group "user".
+By default, all roles granted to the (*) group will be granted to the ''user'' group, and all roles granted to the ''user'' group are granted to its subgroups.
-If a group inherits the role from upper-level group field in the role matrix will be shown in green, but the checkbox won't be checked.
+If a group inherits the role from an upper-level group field, this is indicated in the role matrix with a green background, but the checkbox is empty.
 ==Technical==
 ===Logging===
 Every change to the roles is logged in the MediaWiki log book, found under <code>Special:Log</code> under <code> Permission Manager log</code> type.
-These logs are availble only to wiki administrators (users in groups that have "admin" role granted).
+These logs are availble only to wiki administrators (users in groups with the role ''admin'').
-=== Backups ===
+===Backups===
-All changes to role matrix is backed-up. By default, last 5 backups are being kept. This limit can be changed in [[Manual:Extension/BlueSpiceConfigManager|BlueSpiceConfigManager]], under configs for extension BlueSpicePermissionManager.
+All changes to the role matrix  are backed up. By default, the last 5 backups are kept. This limit can be changed in [[Manual:Extension/BlueSpiceConfigManager|BlueSpiceConfigManager]], under configs for the extension BlueSpicePermissionManager.
 ==See also==
 [[Reference:PermissionManager|Reference page]] for this extension.
 {{Translation}}

User

Wiki

Participate

Topics

Documentation

General Books

Difference between revisions of "Manual:Extension/BlueSpicePermissionManager"

Contents

What is BlueSpicePermissionManager?Access to the permission manager[edit | edit source]

Where to find BlueSpicePermissionManager[edit | edit source]

Using the BlueSpicePermissionManager[edit | edit source]