Skip to Content

Changes for page Permissions

Last modified by Sean Hetherington on 2021/09/09 20:55
From version 7.1
edited by Sean Hetherington
on 2021/09/09 18:01
Change comment: Import
To version 1.1
edited by colinw
on 2021/09/09 18:01
Change comment: Import

Summary

Details

Page properties
Parent
... ... @@ -1,1 +1,0 @@
1 -Configuration
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.seanh
1 +XWiki.colinw
Tags
... ... @@ -1,1 +1,0 @@
1 -permission|security|restriction
Content
... ... @@ -7,21 +7,13 @@
7 7  
8 8  By default, the permissions system in iSymphony is disabled, allowing all users access to all actions in the panel. This can be changed with the toggle switch next to the page title.
9 9  
10 -Permissions can be defined independently by subject and type, and each permission has a policy and a list of exceptions.
10 +Each permission defined in the system is a combination of several pieces of information:
11 11  
12 -//Permissions Toggle Switch//
13 -
14 -[[image:attach:permissions_switch.png]]
15 -
16 -== Permission Subjects ==
17 -
18 -Permission subjects in iSymphony are the users and user groups. When viewing the permissions configuration page in iSymphony, the available subjects are listed on the left side of the screen. When evaluating whether a user is allowed to perform an action in the panel, iSymphony may check multiple subjects:
19 -
20 -1. The user themselves;
21 -1. Any groups the user is a member of;
22 -1. The //All Users// group
23 -
24 -The list above is checked in order to find the first permission that matches the correct type for the action. If no permission is found on one level, the next level is then checked. If multiple groups containing the user are found that define conflicting permissions for the same type, the result is permissive - the action is allowed. If no permission is found after checking the //All Users// group, the action is allowed.
12 +1. Subject
13 +1. Type
14 +11. Targets
15 +1. Policy
16 +1. Exceptions
25 25  {{/layout-cell}}
26 26  
27 27  {{layout-cell}}
... ... @@ -35,8 +35,18 @@
35 35  
36 36  {{layout-section ac:type="single"}}
37 37  {{layout-cell}}
38 -== (% style="line-height: 1.5;" %)Permission Types(%%) ==
30 +== Permission Subjects ==
39 39  
32 +Permission subjects in iSymphony are the users and user groups. When viewing the permissions configuration page in iSymphony, the available subjects are listed on the left side of the screen. When evaluating whether a user is allowed to perform an action in the panel, iSymphony may check multiple subjects:
33 +
34 +1. The user themselves;
35 +1. Any groups the user is a member of;
36 +1. The //All Users// group
37 +
38 +The list above is checked in order to find the first permission that matches the correct type for the action. If no permission is found on one level, the next level is then checked. If multiple groups containing the user are found that define conflicting permissions for the same type, the result is permissive - the action is allowed. If no permission is found after checking the //All Users// group, the action is allowed.
39 +
40 +== Permission Types ==
41 +
40 40  The //type// of a permission determines what action it controls. When viewing the permissions configuration page in iSymphony, the available permission types are listed on the right side of the screen. Permissions can be controlled individually for each permission type.
41 41  
42 42  === Permission Targets ===
... ... @@ -55,7 +55,7 @@
55 55  
56 56  === Owned Exception ===
57 57  
58 -A special exception exists, called //Owned by User//. In some cases, a user "owns" some targets - for example, most users own one or more extensions. If the //Owned by User// exception appears in the list of exceptions, this has the same effect as if the owned targets each appeared individually. For example, if Albert owned extensions 1001 and 1010, and a permission is defined for Albert as //Deny// with //Owned by User// in the exceptions list, then Albert will still be able to perform that action on extensions 1001 and 1010. Note also that if a third extension is added to Albert, say, 1020, that Albert would automatically be allowed to perform that action on extension 1020 without having to update the permission settings.
60 +A special exception exists, called //Owned//. In some cases, a user "owns" some targets - for example, most users own one or more extensions. If the //Owned// exception appears in the list of exceptions, this has the same effect as if the owned targets each appeared individually. For example, if Albert owned extensions 1001 and 1010, and a permission is defined for Albert as //Deny// with //Owned// in the exceptions list, then Albert will still be able to perform that action on extensions 1001 and 1010. Note also that if a third extension is added to Albert, say, 1020, that Albert would automatically be allowed to perform that action on extension 1020 without having to update the permission settings.
59 59  
60 60  = Editing permissions =
61 61  
... ... @@ -92,10 +92,6 @@
92 92  == Saving the changes ==
93 93  
94 94  Once changes have been made to the permissions for a subject, the //Save Permissions// button in the top right corner of the screen will become enabled. Click this button to save and apply the permissions.
95 -
96 -= Glossary of Permissions =
97 -
98 -For a list of permissions that are available in the system, and what they control, see the [[doc:List of Permissions]] page.
99 99  {{/layout-cell}}
100 100  {{/layout-section}}
101 101  {{/layout}}
permissions_switch
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiGuest
Size
... ... @@ -1,1 +1,0 @@
1 -26.5 KB
Content
permissions_switch.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiGuest
Size
... ... @@ -1,1 +1,0 @@
1 -26.5 KB
Content