.htpasswd
if authentication is enabled.
Main
web, like the TWikiAdminGroup. To create a new group:
Edit
TWikiGroups by entering a new topic with a name that ends in Group
. Example:
SomeGroup
Set GROUP = < list of Users and/or Groups >
Set ALLOWTOPICCHANGE = < list of Users and/or Groups >
Set GROUP = Main.SomeUser, Main.OtherUser, Main.SomeGroup
Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup
Set DENYTOPICCHANGE = < list of Users and Groups >
Set ALLOWTOPICCHANGE = < list of Users and Groups >
Set DENYTOPICCHANGE = Main.SomeBadBoy, Main.SomeBadGirl, Main.SomeHackerGroup
Set ALLOWTOPICCHANGE = Main.SomeGoodGuy, Main.SomeGoodGirl, Main.TWikiAdminGroup
Set DENYWEBCHANGE = < list of Users and Groups >
Set ALLOWWEBCHANGE = < list of Users and Groups >
Set DENYTOPICRENAME = < list of Users and Groups >
Set ALLOWTOPICRENAME = < list of Users and Groups >
Set DENYTOPICRENAME = Main.SomeBadBoy, Main.SomeBadGirl, Main.SomeHackerGroup
Set ALLOWTOPICRENAME = Main.SomeGoodGuy, Main.SomeGoodGirl, Main.TWikiAdminGroup
Set DENYWEBRENAME = < list of Users and Groups >
Set ALLOWWEBRENAME = < list of Users and Groups >
DENYTOPICVIEW
/ ALLOWTOPICVIEW
preferences variables, provided that the view script is authenticated. However this setup is not recommended since all content is searchable within a web - a search will turn up view restricted topics.
all webs
search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL
variable in WebPreferences:
Set NOSEARCHALL = on
Set DENYWEBVIEW = < list of Users and Groups >
Set ALLOWWEBVIEW = < list of Users and Groups >
DENYWEBVIEW
is evaluated before ALLOWWEBVIEW
. Access is denied if the authenticated person is in the DENYWEBVIEW
list, or not in the ALLOWWEBVIEW
list. Access is granted in case DENYWEBVIEW
and ALLOWWEBVIEW
is not defined.
NOSEARCHALL
variable in its WebPreferences topic:
Set NOSEARCHALL = on
view
to the list of authenticated scripts in the .htaccess
file.
view
script is authenticated, which means that all Users have to login, even for read-only access. (An open guest account, like TWikiGuest, can get around this, allowing anyone to login to a common account with, for example, view-only access for public webs.) TWikiInstallationGuide has more on Basic Authentication, using the .htaccess
file.
Set DENYWEBVIEW = < list of Users and Groups >
Set ALLOWWEBVIEW = < list of Users and Groups >
DENYWEBVIEW
is evaluated before ALLOWWEBVIEW
. Access is denied if the authenticated person is in the DENYWEBVIEW
list, or not in the ALLOWWEBVIEW
list. Access is granted in case DENYWEBVIEW
and ALLOWWEBVIEW
is not defined.
NOSEARCHALL
variable in its WebPreferences topic:
Set NOSEARCHALL = on
$doRememberRemoteUser
flag in lib/TWiki.cfg
as described in TWikiUserAuthentication. TWiki will now remember the IP address of an authenticated user.
view
script to viewauth
(or better, create a symbolic link)
viewauth
to the list of authenticated scripts in the .htaccess
file. The view
script should not be listed in the .htaccess
file.
view
script to the viewauth
script once (this happens only if the user has never edited a topic). Doing so will ask for authentication. The viewauth
script shows the requested topic if the user could log on and if the user is authorized to see that web.
Authenticating webs is not very secure, as there is a way to circumvent the read access restriction. It can be useful in certain situations - for example, to simplify site organization and clutter, by hiding low traffic webs - but is not recommended for securing sensitive content.
$superAdminGroup
variable in lib/TWiki.cfg
to the name of a group of Users who are always allowed to edit/view topics.
$superAdminGroup = "TWikiAdminGroup";