Item10078: First step to improve AccessControl document. Get rid of t…

…he rubbish Someone added the false information that access preferences can be defined in Default- and SitePreferecnes and work site wide This is false. Such settings are totally ignorred. You have to define DENYWEB and ALLOWWEB preferences in each WebPreferences in at least each r$ I can understand that people get confused when they read this false info first and further down the document get the right information git-svn-id: http://svn.foswiki.org/trunk@10067 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Nov 25, 2010 · 8e9e426 · 8e9e426
1 parent 53f114e
commit 8e9e426
Showing 1 changed file with 5 additions and 11 deletions.
diff --git a/core/data/System/AccessControl.txt b/core/data/System/AccessControl.txt
@@ -85,7 +85,7 @@ Access to webs and topics is controlled by setting the values of certain
 
 _permission_ _context_ _mode_
 
-Where _permission is =ALLOW= or =DENY=, _context_ is =TOPIC=, =WEB=, or =ROOT=, and _mode_ is =VIEW=, =CHANGE=, or =RENAME=. For example, the preference =ALLOWTOPICCHANGE= lists who is allowed to change
+Where _permission is =ALLOW= or =DENY=, _context_ is =TOPIC=, =WEB=, or =ROOT=, and _mode_ is =VIEW=, =CHANGE=, or =RENAME=. For example, the preference =ALLOWWEBCHANGE= lists who is allowed to change
 topics in the current web.
 
    * Restricting VIEW blocks viewing and searching of content. When you restric VIEW to a topic or web, this also restricts [[VarINCLUDE][INCLUDE]] and [[FormattedSearch][Formatted SEARCH]] from showing the content of the topics.
@@ -94,19 +94,13 @@ topics in the current web.
 
 <blockquote class="foswikiHelp">%X% *There is an important distinction between CHANGE access and RENAME access.* A user can CHANGE a topic, but thanks to version control their changes cannot be lost (the history of the topic before the change is recorded). However if a topic or web is renamed, that history may be lost. Typically a site will only give RENAME access to administrators and content owners.
 
-%X% Be warned that some plugins may not respect access permissions.
-
-%I% [[Macros#FinalMacros][FINALPREFERENCES]] affects access controls, allowing you to prevent changes to access control settings while still allowing edit access to topics.</blockquote>
+%X% Note that ALLOWWEBxxx and DENYWEBxxx preferences can only be set in %WEBPREFSTOPIC% topics. You cannot define a site level access. Each web must be protected on their own. Subwebs inherit access settings from the parent web. See next section.
 
----+++ Controlling default access to the entire Wiki.
-There are a number of external to Foswiki ways to require authentication before viewing any part of the wiki (apache rewrites, apache auth, proxying, etc).
-Or, you can use =configure= to set the *EXPERT* setting ={AuthScripts}= to contain _all_ the scripts in the =foswiki/bin= directory.
+%X% Note that ALLOWTOPICxxx and DENYTOPICxxx preferences apply only to the topic itself.
 
-However, it can be desirable to default all your created webs to exclude %USERSWEB%.WikiGuest by default, and then to open up only some topics, or some webs for guest users.
-
-This can be acheived by setting the =DENYWEBVIEW= setting (as below) in the %LOCALSITEPREFS% topic, and then 'un-setting' it for specific Web's or topics.
+%X% Be warned that some plugins may not respect access permissions.
 
-__Note:__ that your %USERSWEB%, %SYSTEMWEB% and %SANDBOXWEB% webs are still viewable by guest users
+%I% [[Macros#FinalMacros][FINALPREFERENCES]] affects access controls, allowing you to prevent changes to access control settings while still allowing edit access to topics.</blockquote>
 
 ---+++ Controlling access to a Web