BlueSpicePermissionManager
-
- Last edited 6 years ago by Richard Heigl
-
-
- No status information
PermissionManager is for managing rights or permissions at a group and namespace level. User permissions are defined via the groups in which the users are placed.
Technical background
In order to hide the syntax of permission management in Mediawiki and the Lockdown extension, a dialogue is created in which the permissions can be set and easily viewed. A special form of group permissions is permission templates (rolls). GroupManager, NamespaceManager and Permissions-TemplatesManager are special extensions or dialogues.
Where can I find the function PermissionManager?
Firstly, you will need admin rights in order to call up the permission manager. If you have the right permissions, you will find "Permission manager" in the left navigation bar under "Admin". Click on the link and you will be taken to the administration page.
The functionality of PermissionManager
Choose one of the three work modes in the drop-down menu:
- Group: An array is displayed for a chosen user group showing the namespaces and the permissions attached.
- Namespace: An array is displayed for a chosen namespace showing the user groups and the permissions attached.
- Permission: An array is displayed for a chosen permission showing the user groups and the namespaces.
PERMISSION MANAGER EXPLAINED
Permission manager is used to grant or revoke permissions. On the left side there is Groups menu that can be shown by clicking on the arrow at the top. It shows permission groups hierarchy. The asterisk (*) group includes all users that enter wiki, regardless of whether they are logged in or not. The "user" group applies to all logged in users. This groups holds different sub-groups, some of which are default to MediaWiki while others may be custom. Clicking on the group name shows (in the list to the right) all permissions granted to the group. You can add permissions by checking appropriate check box.
Assigning permissions Permissions can be granted for entire wiki (by checking "Wiki" checkbox) or only for selected namespaces. Assigning permissions follows an inheritance model. If you add permission to (*) group it will also be assigned to "user" and all sub-groups of "user". It will show like green unchecked field. When a permission is not explicitly granted to a group but its inherited from a parent group, field will appear as green and not checked
When explicitly adding permission to one groups (for entire wiki or just for one namespace) all other groups in the same hierarchy level will lose this permission.
Templates You can create templates for permissions. Templates represent collection of permissions to make permission management more straight-forward. Templates are added/edited in Template editor (click on "Edit templates" buttom at the bottom). Enter name for template, description and select permissions that will be managed by this template. When template is added it will appear at the top of the permission lists and assigning it to a group will grant all permissions defined in the template, and at the same time revoke these permissions from other groups in the same hierarchy level.
Assign the permissions as you want in the table. The permissions are colour coded. The explatation for the coding can be found in "Good to know". You can also work with permission-templates, also called roles. Such roles contain a collection of permissions.
Good to know:
- Assigning permissions to groups and namespaces can be done either by choosing a permission-template (role) or by choosing individual permissions.
- Permission-templates are defined by using unique (descriptive) names.
- A permission-template is a freely definable collection of permissions.
- Management of permission-templates is a component of the PermissionManager (with its own dialogue).
- The first step to set permissions is to set them in the first folder - for the whole wiki (*).
- The permissions you set for a group, will be set automatically for the following folders, for the wiki and all namespaces (green coloured - not checked).
- If you want to give the groups more/different permissions - maybe in different namespaces - you can select them manually, but if you do that, the other groups, in the same hierarchy level, lose that permission for the namespace you choosen.
- Colour coding:
- no colour " border="0"
User permissions
Definition
User group
read
lets the user view pages
user
edit
allows the user to edit unprotected pages
user
createpage
allows the user to create new pages (edit permission is needed here)
sysop
createtalk
allows the user to create a new talk page (edit permission is needed here)
sysop
writeapi
controls access to the write API ($wgEnableWriteAPI must be set to true), this means commands can be given using this external interface.
sysop
upload
allows the creation of new pictures and files, i.e. pictures and files can be uploaded
sysop
files
allows the user to view files which have been uploaded (needs secure:Image), e.g. unregistered users can not see word or PDF documents.
user
rollback
lets the user roll back the article with a click, restoring a previous version from another author. If this permission is activated, you can find the rollback button under History next to "undo" by the last change.
sysop
delete
allows the user to delete pages (can be found under more)
sysop
move
allows the user to change the title of unprotected pages (edit permission is needed here) via move (can be found under more)
sysop
move-subpages
this moves subpages along with the main page to which they are assigned (move permission is needed here). If the user has this permission, subpages are automatically moved with main pages.
sysop
protect
allows the user to lock a page preventing it from being edited or moved (protect can be found under more). Editing a protected page is possible for those with this permission.
sysop
block
allows the user to block IP addresses and registered users. There are various block options including stopping a user from editing and from registering new accounts and automatic blocking of other users with the same IP address. This takes place via the special page Block user.
sysop
createaccount
allows the user to create new accounts (via WikiAdmin - User manager)
sysop
bigdelete
allows the user to delete pages which are larger than the limit $wgDeleteRevisionsLimit. The variable DeleteRevisionsLimit can be set up in advance.
sysop
undelete
allows the user to restore deleted pages
sysop
editusercssjs
allows the user to create and edit their own Monobook style and scripts
user
import
allows the user to import an article from another wiki in one go (Transwiki)
sysop
markbotedits
lets the user mark a rollback as a bot edit
-
suppressredirect
allows moving a page without automatically setting up a redirect. A token can be placed when the page is moved
sysop
apihighlimits
gives a user a higher limit for API queries; this ia a special permission to allow several actions to be carried out at once
sysop
browsearchive
allows the user to search for prefixes of titles of deleted pages via Special:Undelete
sysop
noratelimit
The user is not affected by rate limits
sysop
See: User Rights
BlueSpice
WikiAdmin
|
User permissions |
Definition |
user group |
|---|---|---|
|
editadmin |
gives the user access to the module Search and, where appropriate PageTemplates in the WikiAdmin area |
sysop |
|
useradmin |
gives the user access to the module User and if appropriate Groups in the WikiAdmin area |
sysop |
|
wikiadmin |
grants the user full access to the WikiAdmin area |
sysop |
Responsible editor
|
User permissions |
Definition |
User group |
|---|---|---|
|
responsibleeditors-changeresponsibility |
lets the user change the responsible editors for a page. |
sysop |
|
responsibleeditors-viewspecialpage |
lets the user see the overview of the responsible editors. |
user |
|
responsibleeditors-takeresponsibility |
lets the user be assigned as a responsible editor for an article. |
user |
SecureFileStore
|
User permissions |
Definition |
User group |
|---|---|---|
|
viewfiles |
lets the user download and/or view files which have been uploaded. |
user |
ExtendedSearch
|
User permissions |
Definition |
User group |
|---|---|---|
|
searchfiles |
allows the user to search for files. Lets the user tick the extended search option Search files. |
user |
Review
|
User permissions |
Definition |
User group |
|---|---|---|
|
workflowview |
lets the user view work flows |
user |
|
workflowedit |
lets the user create, edit, change and delete work flows |
sysop |
SecureFileStore
|
User permissions |
Definition |
user group |
|---|---|---|
|
viewfiles |
lets the user download and/or view files which have been uploaded. |
user |
Shoutbox
|
User permissions |
Definition |
user group |
|---|---|---|
|
readshoutbox |
lets the user read commentaries made using the Shoutbox. |
user |
|
writeshoutbox |
lets the user add comments to the Shoutbox |
sysop |
Universal Export
|
User permissions |
Definition |
user group |
|---|---|---|
|
universalexport-export |
allows the user to create PDF files. |
user |
|
universalexport-export-with-attachments |
allows the user to create PDF files with file attachments. |
user |
MediaWiki Erweiterungen
Flagged Revisions
|
User permissions |
Definition |
user group |
|---|---|---|
|
review |
lets the user review changes. |
sysop |
|
validate |
lets the user validate changes. |
- |
|
autoreview |
automatically marks those edits which a user has made themselves as reviewed |
sysop |
|
unreviewedpages |
lets the user see the page Special:Unreviewed pages. |
sysop |
Nuke
|
User permissions |
Definition |
user group |
|---|---|---|
|
nuke |
allows the user to delete articles on mass. |
sysop |
Permission-templates
PermissonManager lets you make regularly recurring assignments easily by using permission templates, or roles. For example, when you need to supply a new namespace with the relevant group permissions.
Create templates
To create a new role, click on "Admin" in the left hand navigation bar. Then choose "Permission manager". And click on "Edit templates".
Add template
To add a new role, you can simply click the "New" button. Existing templates can be selected and then edited. The description is only for internal use for wiki admins. All permissions known to the wiki are listed here and can be selected and deselected.
Assign group permissions
After saving, the groups will be chosen which should be assigned the permissions of the role.A simple click on the desired namespace is enough to validate the role.
Preferences
Have a look at the admin preferences to define the PermissionManager.
