Loading...
 
Skip to main content

Features / Usability

Forum List Topic List

Forums » Features / Usability » Permission Assignment Confusion
 
Thread actions
Print this page
  • Print all pages

    • Permission Assignment Confusion

    Posted by kwow posts: 131 Singapore

    Hi everybody,

    I have a scenario here when assigning permission for different user. I cannot figure out that well...Say,

    I have 4 users - A, B C and D and 3 groups- fish, cat and dog. Created 3 Wiki pages related to fish, cat and dog subjects. Wanted users A and B to have admin rights to group fish, user C to have admin rights to group cat and user D to have admin rights to group dog.

    Aim is to have users to be able to view but no edit rights except for their groups they are assign to.

    What is the best ways to assign permissions for this scenario?? I have been trying (maybe too much) and got confused and messed up...

    Thanks in a million.

    Reads: 1437
    Posted by colorado posts: 157 United States

    There are several different ways to accomplish what you are asking.

    Click the perms button on each wiki page and you can assign different permissions to whatever user(s) and/or group(s) you want on an individual basis.

    Remember that in admin --> general there is a setting to automatically create a separate "group" for each registered user. If you enable that then you can use "group" permissions to set all your permissions, even for individual users, because then the "groups" dropdown selector, wherever it appears (for all types of objects, not just wiki pages) will list each individual as a "group".

    Alternatively, you can use Categories instead of groups as containers for separating content into different "subjects". To do it this way:

    1) Create a Category for each subject, named: Fish, Cat and Dog.

    2) Create a GROUP for each Category, with corresponding names: FISH, CAT and DOG. (I use all caps for all my groups that correspond to category names. This makes them easier/quicker for me to identify in the group permission drop-down selectors throughout my site.)

    3) Then, whenever you put content of any type (not just wiki pages!) into a category, that content will automatically inherit the permissions of that category.

    4) Then you can give any user(s) or group(s) permissions to access certain site content related to some specific subject matter simply by assigning the content/object to a Category and then adding a user/group to the corresponding GROUP.

    5) Make sense?

    -- Colorado

    Posted by kwow posts: 131 Singapore

    Thanks for both on your response.

    I went ahead and tested Colorado's second method which I think is easier and less tedious. Just felt that Gary's method is a bit tedious as you have to set permissions on every wiki page.

    Sadly, after trying out Colorado's method...I still could not get it to perform the way I wanted. Maybe I am missing something here....

    Below are the steps that I have performed:
    1. Created a wiki page for each subject, named: Fish, Cat and Dog.
    2. Created a Group for named: FISH, CAT and DOG. Assign user A & B to group FISH, C to CAT and D to DOG. Users A to D are assigned Editors level of permissions.
    3. Create a Category for each subject, named: Fish, Cat and Dog.
    4. Assign Fish, Cat and Dog wiki page object to its respective category.
    5. Assign permission for Fish category as Anonymous - tiki_p_view_categories and FISH - tiki_p_admin_categories.
    6. Log out and log in as users A-D to look at the outcomes.

    Still users A-D can edit all pages as if there is no control. But non-logged in users works as it only allow viewing.

    Colorado, apprecaite your help on this.

    Posted by Gary Cunningham-Lee posts: 4664 Japan

    > Thanks for both on your response.
    >
    > I went ahead and tested Colorado's second method which I think is easier and less tedious. Just felt that Gary's method is a bit tedious as you have to set permissions on every wiki page.
    >
    > Sadly, after trying out Colorado's method...I still could not get it to perform the way I wanted. Maybe I am missing something here....
    >
    > Below are the steps that I have performed:
    > 1. Created a wiki page for each subject, named: Fish, Cat and Dog.
    > 2. Created a Group for named: FISH, CAT and DOG. Assign user A & B to group FISH, C to CAT and D to DOG. Users A to D are assigned Editors level of permissions.
    > 3. Create a Category for each subject, named: Fish, Cat and Dog.
    > 4. Assign Fish, Cat and Dog wiki page object to its respective category.
    > 5. Assign permission for Fish category as Anonymous - tiki_p_view_categories and FISH - tiki_p_admin_categories.
    > 6. Log out and log in as users A-D to look at the outcomes.
    >
    > Still users A-D can edit all pages as if there is no control. But non-logged in users works as it only allow viewing.
    >
    > Colorado, apprecaite your help on this.


    I was waiting to here how Colorado manages this, but will reply in the meantime. At my sites (running 1.9.0), assigning a wiki page to a category seems to give the page the same viewing permissions as the other pages in the category, but I don't actually understand why this should be the case. My understanding is that "tiki_p_view_categories" only controls visibility of the category information itself — the tree, links, etc. — and it doesn't address the accessibility of the categorized objects themselves. In fact, wiki pages within a category can have different viewing permissions, so which ones are supposed to be assigned automatically via category assignment? There's no interface to control this, as far as I can tell.

    For example, I have a category Bugs, and generally this is private content. Bugs pages are visible only to the Elmer user group. I found that categorizing a new page in the Bugs group does in fact make it inaccessible to anonymous users, even if no specific perms are assigned to it, if "Assign permissions automatically" is checked on the admin categories page. Is this an undocumented feature? On the other hand, there are other objects at the site in the Bugs category, such as a Directory category, and anonymous users can view these. Therefore, I think we can't assume that viewing permissions are inherited automatically based on category assignment.

    I'd like to do some more tests, and would like to hear about other people's experiences with categorizes and permissions. But in the meantime, I'd recommend assigning permissions via single objects or wiki structures.

    -- Gary


    Posted by Gary Cunningham-Lee posts: 4664 Japan

    > Hi everybody,
    >
    > I have a scenario here when assigning permission for different user. I cannot figure out that well...Say,
    >
    > I have 4 users - A, B C and D and 3 groups- fish, cat and dog. Created 3 Wiki pages related to fish, cat and dog subjects. Wanted users A and B to have admin rights to group fish, user C to have admin rights to group cat and user D to have admin rights to group dog.

    A Group in Tiki refers to users, not site content, so I assume the three groups — fish, cat and dog — are the admin groups for fish-, cat- and dog-related site content.

    On your fish group page (tiki-assignpermission.php?group=fish), assign tiki_p_admin_wiki to users A and B; in the cat group, assign tiki_p_admin_wiki to user C, and in the dog group, assign tiki_p_admin_wiki to user D. (I'm assuming tiki_p_admin_wiki includes permissions for page editing, removing, rolling back, and so on; seems like in my own cases, I assigned these things individually but I guess tiki_p_admin_wiki covers them all).

    Now to allow read-access, either give tiki_p_view to the Anonymous group so that it is the site default, or assign it to the groups fish, cat and dog if you don't want others reading those pages.

    As the site admin, you can log in as any user to test what they can and can't see and do. This is what the "user" textfield is for in the log-in module. It would be a good idea to log in as A - D to check that the permissions are set correctly.

    -- Gary


    Posted by kwow posts: 131 Singapore

    > > Hi everybody,
    > >
    > > I have a scenario here when assigning permission for different user. I cannot figure out that well...Say,
    > >
    > > I have 4 users - A, B C and D and 3 groups- fish, cat and dog. Created 3 Wiki pages related to fish, cat and dog subjects. Wanted users A and B to have admin rights to group fish, user C to have admin rights to group cat and user D to have admin rights to group dog.
    >
    > A Group in Tiki refers to users, not site content, so I assume the three groups — fish, cat and dog — are the admin groups for fish-, cat- and dog-related site content.
    >
    > On your fish group page (tiki-assignpermission.php?group=fish), assign tiki_p_admin_wiki to users A and B; in the cat group, assign tiki_p_admin_wiki to user C, and in the dog group, assign tiki_p_admin_wiki to user D. (I'm assuming tiki_p_admin_wiki includes permissions for page editing, removing, rolling back, and so on; seems like in my own cases, I assigned these things individually but I guess tiki_p_admin_wiki covers them all).
    >
    > Now to allow read-access, either give tiki_p_view to the Anonymous group so that it is the site default, or assign it to the groups fish, cat and dog if you don't want others reading those pages.
    >
    > As the site admin, you can log in as any user to test what they can and can't see and do. This is what the "user" textfield is for in the log-in module. It would be a good idea to log in as A - D to check that the permissions are set correctly.
    >
    > — Gary
    >

    Gary,
    I'm also waiting on Colorado comments to see his side of the story. Meanwhile, I have also tested out your method.

    Its not really working to my expectation yet...One thing you miss to mention is what kind of permission is to be assigned to users A, B, C and D. For me, I have assigned Editors rights to all the users A, B, C and D. This would mean all would have access rights to all the pages even though I assign group permission to the pages.
    So what permission should I be assigning to users A, B, C and D?? Should I assign them as Registered users - if yes, so when I assign tiki_p_admin_wiki to users A and B, will users A and B inherit this rights only in the fish page or from then on?? Very confusing now.....

    One thing I like about Colorado's method is his idea of inheritance from category (pending his confirmation), this would save a lot of trouble to remember assigning permission on every page that is spun off from the same categoty.

    Hope you can shed some light here...Thanks.

    Posted by kwow posts: 131 Singapore

    Hi Gary & Colorado,

    Hope to receive your expertise insights to the issue. Right now, I am stuck in assigning permissions...maybe I will have to give up the idea altogether....

    --kwow

    Posted by Gary Cunningham-Lee posts: 4664 Japan

    > Hi Gary & Colorado,
    >
    > Hope to receive your expertise insights to the issue. Right now, I am stuck in assigning permissions...maybe I will have to give up the idea altogether....

    Don't give up. 😉 It is definitely do-able. People are running many Tiki sites with all sorts of permissions set. I was going to post again here but I realized there were some assumptions in my thinking, so I want to do a bit of testing before I say anything else. I have a new Tiki site that's still fairly empty and I can make some test groups and users and try to produce a good set of rules.

    -- gary_c

    Posted by kwow posts: 131 Singapore

    > Don't give up. 😉 It is definitely do-able.
    Appreciate the encouragement and I'm trying to keep my head up...

    >I have a new Tiki site that's still fairly empty and I can make some test groups and users and try to produce a good set of rules.
    Gary, I will be glad to be one of the users if you need anyone....Juz let me know. Good day to you. 😎

    --kwow