Difference: TWikiAccessControl (25 vs. 26)

Revision 262002-05-29 - PeterThoeny

Line: 1 to 1
	On this page: An Important Control Consideration Permissions settings of the webs on this TWiki site Authentication vs. Access Control Users and Groups Managing Users Managing Groups The Super Admin Group Restricting Access Controlling access to a Web Controlling access to a Topic Allowing public access to specific topics in a restricted web Empty values in access control variables Securing File Attachments Controlling who can manage top-level webs How TWiki evaluates ALLOW/DENY settings Allowing web creation/deletion/rename by user mapping manager Forbid certain users to do certain actions by configuration User masquerading Dynamic access control Example 1 - restriction based on topic name Example 2 - restriction based on form field Dynamic access control in accessing a different web's topic Topic level dynamic access control Dynamic access control and user masquerading Avoiding vulnerability Disabling dynamic access control Access control and INCLUDE Customizing "access denied" message Custom user/group notations Access Control quick recipes Restrict Access to Whole TWiki Site Authenticate and Restrict Selected Webs Only Hide Control Settings Obfuscating Webs Read-only Skin Mode Configuring access control for topics of a certain name in all webs
Line: 144 to 144
	Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic: `Set DENYWEBVIEW = < list of Users and Groups >` `Set ALLOWWEBVIEW = < list of Users and Groups >`
Added:
> >	*Note:* `DENYWEBVIEW` is evaluated before `ALLOWWEBVIEW`. Access is denied if the authenticated person is in the `DENYWEBVIEW` list, or not in the `ALLOWWEBVIEW` list. Access is granted in case `DENYWEBVIEW` and `ALLOWWEBVIEW` is not defined.
	Hide the web from an "all webs" search. Enable this restriction with the `NOSEARCHALL` variable in its WebPreferences topic: `Set NOSEARCHALL = on` Add `view` to the list of authenticated scripts in the `.htaccess` file.
Line: 157 to 158
	Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic: `Set DENYWEBVIEW = < list of Users and Groups >` `Set ALLOWWEBVIEW = < list of Users and Groups >`
Added:
> >	*Note:* `DENYWEBVIEW` is evaluated before `ALLOWWEBVIEW`. Access is denied if the authenticated person is in the `DENYWEBVIEW` list, or not in the `ALLOWWEBVIEW` list. Access is granted in case `DENYWEBVIEW` and `ALLOWWEBVIEW` is not defined.
	Hide the web from an "all webs" search. Enable this restriction with the `NOSEARCHALL` variable in its WebPreferences topic: `Set NOSEARCHALL = on` Enable the `$doRememberRemoteUser` flag in `lib/TWiki.cfg` as described in TWikiUserAuthentication. ARC TWiki will now remember the IP address of an authenticated user.
Line: 170 to 172
	Hiding Control Settings
Changed:
< <	To hide access control settings from normal browser viewing, place them in comment markers. <!-- Set DENYTOPICCHANGE = Main.SomeGroup -->
> >	To hide access control settings from normal browser viewing, place them in comment markers. <style="background-color:#f5f5f5"> `<!--` `* Set DENYTOPICCHANGE = Main.SomeGroup` `-->`
	The SuperAdminGroup

View topic | History: r44 < r43 < r42 < r41 | More topic actions...

Copyright © 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding ARC TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiAccessControl.

Difference: TWikiAccessControl (25 vs. 26)

Revision 262002-05-29 - PeterThoeny

Hiding Control Settings

The SuperAdminGroup