• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Now that there's this nifty way of setting topic preferences via Edit settings (via manage.pm), there needs to be a way to prevent people from changing them even if they're allowed to edit the topic. For example, one might set VIEW_TEMPLATE and not want users to be able to change that. (At least not easily; power users can do a lot more than would make a TWiki app writer comfortable.)


(And which is it, settings or preferences?)


If this gets implemented then there will be two different settings to control the access rights to a topic. It gets so complicated to keep track of that both the admin, the web masters and the users will have a hard time working out what to setup.

I say - if a user is smart enough to find his way into the settings page and he has the rights to change the topic - he probably also has a pretty good reason to change the settings when he does it.

We have to be careful we do not make TWiki too complicated to use or optimize it towards a few very special applications that TWiki was not really intended for. And we have to take care that TWiki remains a Wiki! And not just another CMS.

Last - access rights is one of the features that has a large part to play on performance. Adding yet another access right feature is going to be yet another step in making TWiki slower.


if a user is smart enough to find his way into the settings page

That's a pretty sad commentary on the UI.

But more to the point, certain topic "settings" are more the purview of an admin or developer than otheres. That is, editing the contents of a topic is very different that editing settings such as VIEW_TEMPLATE, EDIT_TEMPLATE, and such, which clearly (IMO) don't belong in the whiteboard.

For example, when I suggested that form-based applications should use %META{"form"}% in their contents rather than removing the twisty for the form, the response was "it's too easy to delete it by accident". The right solution to stuff that shouldn't be deleted is a custom VIEW_TEMPLATE. In this case, the form would not be part of the editable portion of the topic but would be displayed there.


I long ago pointed out that using "settings" for access control was a chronic kludge and that access control should not be in-band.

What you are pointing out, Meredith, is that these controls are in-band and they shouldn't be. Once we differentiate access control from other settings things become a lot easier.

For a professional tool in a corporate setting, access control is needed. Sorry, things like Sarbanes-Oxley and many other regulations demand that.

Control over access control and TEMPLATE issues is orthogonal from control over the data content. Think of the analogy with a file system. The commands like chmod and chown don't affect content. I can grant permission to edit a file without granting permission to change its access permissions.

Can this be implemented in a light-weight fashion? I believe so. Moving access control out of band means we can use thigns like hash databases. We can have the default fall back to a web level.

Will it make the UI more complicated? Yes and no. No, it won't make it more complicated for those that don't need to manipulate these thigns. In fact it will clear out the current in-band stuff that confuses many users.

Yes there will need to be a GUI for those that do have authority and need - Meeedith's "admins and developers". But so what? I have this in my UNIX and MAC interfaces - I have to drag up a GUI to do a chmod or chown/chgroup or any of a number of other 'attributes' that are out of band to the file contents. So what? Such people are expected to be knowledgeable out such matters.

Moving access control out of band will allow significant performance imnprovements. Access control over access cotnrol is a corporate necessity.

-- AJA

Access control over access control, and taking access control out of band, are not necessarily the same thing. Access controls can be protected even when they are in band - it just depends on how much you are prepared to compromise the topic text during a save operation.

Sorry, this isn't Urgent, and is not appropriate for a minor release.


Perhaps I wasn't clear. I wasn't talking about settings in topic text, only settings done through the "edit settings" mechanism, which puts them into META:PREFERENCES. So I'm not talking about ACL over ACL but, rather, ACL over non-text content.

And it's not just corporations that need ACL. My first major TWiki app is for a school, where ACL is very important to keep things away from the prying eyes and fingers of the children.


Summary Need access control for topic settings
ReportedBy TWiki:Main.MeredithLesly

SVN Range Thu, 23 Mar 2006 build 9479
AppliesTo Engine

Priority Enhancement
CurrentState New

TargetRelease n/a
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2006-03-26 - MeredithLesly
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback