
Hiding User Pages

My company does custom application development - specifically, factory automation software.

We have a TWiki that we have used for a few years as an internal collaboration area (actually, only a very few of us have used it, but that's a different story). Now we are considering opening it up to allow TWiki-based collaboration with specific customers. But we think it would not be a good idea for members of customer X to be able to see the list of members of customer Y. And we don't think it is necessarily a good idea for any customer to be able to see the list of users from our company.

The only way we have thought of to solve this problem is to make the Main web not viewable by anyone other than our internal users. This means, though, that customers will not be able to edit their own user page. For example, Joe User will not be able to edit or even view the page Main.JoeUser.

The same consideration applies to group pages, e.g. Main.CoolCustomerGroup.

Has anyone else been troubled by this situation? Are we just worrying too much?

I created this page here because the only solutions I can think of involve a pretty large rewrite of the TWiki Access.pm. For example, external (non-TWiki-page) ACLs that provide fine-grained control over who can see what.

-- DaleBrayden - 17 Mar 2003

Seems like a good/valid point to me, and may apply to things other than users.

My one (uninformed) thought is to consider additional (hidden) webs -- this would be relatively straightforward for things other than users and groups, but if appropriate changes were made to allow users in several different webs, then the solution for keeping any information confidential would be consistent for all types of information. (Ignoring that TWiki is apparently not that good at keeping information confidential -- or has that changed? -- I'm thinking of the ways that information in a hidden web can be viewed, maybe via a search?)

-- RandyKramer - 18 Mar 2003

There are indeed some flaws in the search function - it correctly does not search inside webs that have the NOSEARCHALL = on, but does search in webs that a user does not have the right to view, based on ALLOWWEBVIEW and DENYWEBVIEW. I'm in the process of changing this behavior in my own installations, and when/if I complete the changes I'll post them here for vetting by the TWiki developers.

Your idea about allowing user / group pages in different webs is intriguing. But it makes my head spin trying to think it through: somehow TWiki needs to locate the current user's user page, and the set of groups to which that user belongs. So it seems that there needs to be a central repository for that information. Currently that repository is the Main web, and it contains not only the location of the user page and groups, but also their specification. But I want to hide even the existence of a group of users from members of another group ... this all seems difficult unless TWiki were modified to store the user/group information in a database, say, rather than in searchable/listable/viewable topic pages.

-- DaleBrayden - 18 Mar 2003
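
The search-side check described in the post above, as an added example in Perl that is not TWiki's code or the poster's patch: a stand-alone model in which an all-webs search skips webs the user may not view as well as NOSEARCHALL webs. The web, user and group names and the simplified deny-then-allow evaluation are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: web-level preferences and group membership.
# All web, user and group names here are hypothetical.
my %webs = (
    Main      => { ALLOWWEBVIEW => ['StaffGroup'] },
    CustomerX => { ALLOWWEBVIEW => ['StaffGroup', 'CustomerXGroup'] },
    CustomerY => { ALLOWWEBVIEW => ['StaffGroup', 'CustomerYGroup'] },
    Sandbox   => { DENYWEBVIEW  => ['CustomerYGroup'] },
    Archive   => { NOSEARCHALL  => 'on' },
);
my %groups = (
    StaffGroup     => ['StaffUser'],
    CustomerXGroup => ['JoeUser'],
    CustomerYGroup => ['AnnOther'],
);

# True if $user is named directly in the list or belongs to a listed group.
sub in_list {
    my ($user, $list) = @_;
    for my $entry (@{ $list || [] }) {
        return 1 if $entry eq $user;
        return 1 if grep { $_ eq $user } @{ $groups{$entry} || [] };
    }
    return 0;
}

# Simplified web-level view check (assumption): the deny list is evaluated
# first, then a non-empty allow list restricts viewing to its members.
sub can_view_web {
    my ($user, $web) = @_;
    my $prefs = $webs{$web} or return 0;    # unknown web: no access
    return 0 if in_list($user, $prefs->{DENYWEBVIEW});
    my $allow = $prefs->{ALLOWWEBVIEW} || [];
    return 1 unless @$allow;                # no allow list: open web
    return in_list($user, $allow);
}

# Webs an all-webs search may read on behalf of $user. The NOSEARCHALL test
# is the one the post says already exists; can_view_web is the missing one.
sub searchable_webs {
    my ($user) = @_;
    return grep {
        ($webs{$_}{NOSEARCHALL} || '') ne 'on' && can_view_web($user, $_)
    } sort keys %webs;
}

# Print the search scope for each constructed user.
for my $user (qw(StaffUser JoeUser AnnOther)) {
    printf "%-10s %s\n", $user, join(' ', searchable_webs($user));
}
```

Computing the web list once per request and passing only that list to the search backend keeps restricted webs out of both the hit list and any result counts.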

Today, the user pages are referenced from topic pages as %MAINWEB%.UserName. This is also true inside the TWiki code - it is just assumed that user pages reside in the Main web (or in whatever web MAINWEB is defined as). But what if TWiki provided a variable, USERPAGE say, that could be referenced as %USERPAGE{"UserName"}%? This could be implemented fairly easily - already TWiki looks at TWikiUsers to map login name to wiki name. Why not also use that topic to determine the location of each user's page? Then it would be quite feasible to put user pages into hidden webs, as suggested by RandyKramer.

-- DaleBrayden - 19 Mar 2003

Sounds good to me!

-- RandyKramer - 20 Mar 2003

Topic revision: r5 - 2003-03-20 - RandyKramer
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.