BlueSpicePermissionManager

Revision as of 09:24, 6 December 2016 by WikiSysop (talk | contribs) (1 revision: Migration)
- Error
The provided source article ("Buch:Administration manual") does not exist.

PermissionManager is for managing rights or permissions at a group and namespace level. User permissions are defined via the groups in which the users are placed.

Technical background

In order to hide the syntax of permission management in Mediawiki and the Lockdown extension, a dialogue is created in which the permissions can be set and easily viewed. A special form of group permissions is permission templates (rolls). GroupManager, NamespaceManager and Permissions-TemplatesManager are special extensions or dialogues.

Where can I find the function PermissionManager?

Firstly, you will need admin rights in order to call up the permission manager. If you have the right permissions, you will find "Permission manager" in the left navigation bar under "Admin". Click on the link and you will be taken to the administration page.

Sceenshot: Open the permission manager in the admin area


The functionality of PermissionManager

Choose one of the three work modes in the drop-down menu:

  • Group: An array is displayed for a chosen user group showing the namespaces and the permissions attached.
  • Namespace: An array is displayed for a chosen namespace showing the user groups and the permissions attached.
  • Permission: An array is displayed for a chosen permission showing the user groups and the namespaces.


PERMISSION MANAGER EXPLAINED

Permission manager is used to grant or revoke permissions. On the left side there is Groups menu that can be shown by clicking on the arrow at the top. It shows permission groups hierarchy. The asterisk (*) group includes all users that enter wiki, regardless of whether they are logged in or not. The "user" group applies to all logged in users. This groups holds different sub-groups, some of which are default to MediaWiki while others may be custom. Clicking on the group name shows (in the list to the right) all permissions granted to the group. You can add permissions by checking appropriate check box.

Assigning permissions Permissions can be granted for entire wiki (by checking "Wiki" checkbox) or only for selected namespaces. Assigning permissions follows an inheritance model. If you add permission to (*) group it will also be assigned to "user" and all sub-groups of "user". It will show like green unchecked field. When a permission is not explicitly granted to a group but its inherited from a parent group, field will appear as green and not checked

When explicitly adding permission to one groups (for entire wiki or just for one namespace) all other groups in the same hierarchy level will lose this permission.

Templates You can create templates for permissions. Templates represent collection of permissions to make permission management more straight-forward. Templates are added/edited in Template editor (click on "Edit templates" buttom at the bottom). Enter name for template, description and select permissions that will be managed by this template. When template is added it will appear at the top of the permission lists and assigning it to a group will grant all permissions defined in the template, and at the same time revoke these permissions from other groups in the same hierarchy level.


Assign the permissions as you want in the table. The permissions are colour coded. The explatation for the coding can be found in "Good to know". You can also work with permission-templates, also called roles. Such roles contain a collection of permissions.

Screenshot: Settings in the PermissionManager

Good to know:

  • Assigning permissions to groups and namespaces can be done either by choosing a permission-template (role) or by choosing individual permissions.
  • Permission-templates are defined by using unique (descriptive) names.
  • A permission-template is a freely definable collection of permissions.
  • Management of permission-templates is a component of the PermissionManager (with its own dialogue).
  • The first step to set permissions is to set them in the first folder - for the whole wiki (*).
  • The permissions you set for a group, will be set automatically for the following folders, for the wiki and all namespaces (green coloured - not checked).
  • If you want to give the groups more/different permissions - maybe in different namespaces - you can select them manually, but if you do that, the other groups, in the same hierarchy level, lose that permission for the namespace you choosen.
  • Colour coding:
    • no colour " border="0"

|- ! style="border: 1px solid #ebecec; width: 20%;"| User permissions

! style="border: 1px solid #ebecec;"| Definition

! style="border: 1px solid #ebecec;"| User group

|- | style="border: 1px solid #ebecec;"| read

| style="border: 1px solid #ebecec;"| lets the user view pages

| style="border: 1px solid #ebecec;"| user

|- | style="border: 1px solid #ebecec;"| edit

| style="border: 1px solid #ebecec;"| allows the user to edit unprotected pages

| style="border: 1px solid #ebecec;"| user

|- | style="border: 1px solid #ebecec;"| createpage

| style="border: 1px solid #ebecec;"| allows the user to create new pages (edit permission is needed here)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| createtalk

| style="border: 1px solid #ebecec;"| allows the user to create a new talk page (edit permission is needed here)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| writeapi

| style="border: 1px solid #ebecec;"| controls access to the write API ($wgEnableWriteAPI must be set to true), this means commands can be given using this external interface.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| upload

| style="border: 1px solid #ebecec;"| allows the creation of new pictures and files, i.e. pictures and files can be uploaded

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| files

| style="border: 1px solid #ebecec;"| allows the user to view files which have been uploaded (needs secure:Image), e.g. unregistered users can not see word or PDF documents.

| style="border: 1px solid #ebecec;"| user

|- | style="border: 1px solid #ebecec;"| rollback

| style="border: 1px solid #ebecec;"| lets the user roll back the article with a click, restoring a previous version from another author. If this permission is activated, you can find the rollback button under History next to "undo" by the last change.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| delete

| style="border: 1px solid #ebecec;"| allows the user to delete pages (can be found under more)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| move

| style="border: 1px solid #ebecec;"| allows the user to change the title of unprotected pages (edit permission is needed here) via move (can be found under more)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| move-subpages

| style="border: 1px solid #ebecec;"| this moves subpages along with the main page to which they are assigned (move permission is needed here). If the user has this permission, subpages are automatically moved with main pages.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| protect

| style="border: 1px solid #ebecec;"| allows the user to lock a page preventing it from being edited or moved (protect can be found under more). Editing a protected page is possible for those with this permission.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| block

| style="border: 1px solid #ebecec;"| allows the user to block IP addresses and registered users. There are various block options including stopping a user from editing and from registering new accounts and automatic blocking of other users with the same IP address. This takes place via the special page Block user.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| createaccount

| style="border: 1px solid #ebecec;"| allows the user to create new accounts (via WikiAdmin - User manager)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| bigdelete

| style="border: 1px solid #ebecec;"| allows the user to delete pages which are larger than the limit $wgDeleteRevisionsLimit. The variable DeleteRevisionsLimit can be set up in advance.

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| undelete

| style="border: 1px solid #ebecec;"| allows the user to restore deleted pages

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| editusercssjs

| style="border: 1px solid #ebecec;"| allows the user to create and edit their own Monobook style and scripts

| style="border: 1px solid #ebecec;"| user

|- | style="border: 1px solid #ebecec;"| import

| style="border: 1px solid #ebecec;"| allows the user to import an article from another wiki in one go (Transwiki)

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| markbotedits

| style="border: 1px solid #ebecec;"| lets the user mark a rollback as a bot edit

| style="border: 1px solid #ebecec;"| -

|- | style="border: 1px solid #ebecec;"| suppressredirect

| style="border: 1px solid #ebecec;"| allows moving a page without automatically setting up a redirect. A token can be placed when the page is moved

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| apihighlimits

| style="border: 1px solid #ebecec;"| gives a user a higher limit for API queries; this ia a special permission to allow several actions to be carried out at once

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| browsearchive

| style="border: 1px solid #ebecec;"| allows the user to search for prefixes of titles of deleted pages via Special:Undelete

| style="border: 1px solid #ebecec;"| sysop

|- | style="border: 1px solid #ebecec;"| noratelimit

| style="border: 1px solid #ebecec;"| The user is not affected by rate limits

| style="border: 1px solid #ebecec;"| sysop

|} See: User Rights

BlueSpice

WikiAdmin

User permissions

Definition

user group

editadmin

gives the user access to the module Search and, where appropriate PageTemplates in the WikiAdmin area

sysop

useradmin

gives the user access to the module User and if appropriate Groups in the WikiAdmin area

sysop

wikiadmin

grants the user full access to the WikiAdmin area

sysop

Responsible editor

User permissions

Definition

User group

responsibleeditors-changeresponsibility

lets the user change the responsible editors for a page.

sysop

responsibleeditors-viewspecialpage

lets the user see the overview of the responsible editors.

user

responsibleeditors-takeresponsibility

lets the user be assigned as a responsible editor for an article.

user

SecureFileStore

User permissions

Definition

User group

viewfiles

lets the user download and/or view files which have been uploaded.

user

ExtendedSearch

User permissions

Definition

User group

searchfiles

allows the user to search for files. Lets the user tick the extended search option Search files.

user

Review

User permissions

Definition

User group

workflowview

lets the user view work flows

user

workflowedit

lets the user create, edit, change and delete work flows

sysop

SecureFileStore

User permissions

Definition

user group

viewfiles

lets the user download and/or view files which have been uploaded.

user

Shoutbox

User permissions

Definition

user group

readshoutbox

lets the user read commentaries made using the Shoutbox.

user

writeshoutbox

lets the user add comments to the Shoutbox

sysop

Universal Export

User permissions

Definition

user group

universalexport-export

allows the user to create PDF files.

user

universalexport-export-with-attachments

allows the user to create PDF files with file attachments.

user

MediaWiki Erweiterungen

Flagged Revisions

User permissions

Definition

user group

review

lets the user review changes.

sysop

validate

lets the user validate changes.

-

autoreview

automatically marks those edits which a user has made themselves as reviewed

sysop

unreviewedpages

lets the user see the page Special:Unreviewed pages.

sysop

Nuke

User permissions

Definition

user group

nuke

allows the user to delete articles on mass.

sysop


Permission-templates

PermissonManager lets you make regularly recurring assignments easily by using permission templates, or roles. For example, when you need to supply a new namespace with the relevant group permissions.

Create templates

To create a new role, click on "Admin" in the left hand navigation bar. Then choose "Permission manager". And click on "Edit templates".


Add template

To add a new role, you can simply click the "New" button. Existing templates can be selected and then edited. The description is only for internal use for wiki admins. All permissions known to the wiki are listed here and can be selected and deselected.

Screenshot: Template editor of the permission managers

Assign group permissions

After saving, the groups will be chosen which should be assigned the permissions of the role.A simple click on the desired namespace is enough to validate the role.

Preferences

Have a look at the admin preferences to define the PermissionManager.

Screenshots: Admin preferences

Attachments

Discussions