
Question

Hi,

We're in the final stages of implementing TWiki as an internal wiki, and as an external customer-facing knowledgebase (just getting ready for the beta test release).

What we intend to do, ideally, is combine the two - have the one wiki, but set the security access so that internal users have full read/write capabilities, but external customers have read-only access - like a traditional knowledgebase - at least to begin with.

On paper, it's just a case of having two different groups of users with different security settings and access, but does anyone have experience of running TWiki in this way and are there any issues or pitfalls we can expect?

Any advice would be appreciated at this point - forewarned is forearmed...

PS - side note, everyone on the project team is really excited about finally rolling our TWiki knowledgebase out. The potential benefits to us are enormous. Thanks very much indeed to everyone involved in making this fantastic piece of software!!

Environment

TWiki version: unspecified
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:  
Web server:  
Perl version:  
Client OS:  
Web Browser:  
Categories: Deployment

-- SimonKnaggs - 03 Aug 2007

Answer


Many TWikis in the wild wild internet are run in quite a similar fashion, simply to prevent spam: Allow everybody (maybe anonymous) read access, but only members of a dedicated group may edit, upload and the like. An additional separation between internal and external is more or less a question of network topology, but leaves you with additional options.

  • The general strategy is to have one group for authors, and restrict CHANGE for all webs to this group. This has to be done once for all existing webs, and if you do it in your template web(s) (named _default in the distribution), then all webs you create from that time onward will have the setting right from the start. Internal users have to be added to the authors group manually after registration, unless you can leverage some LDAP backend.
  • The topic TWiki.TWikiAccessControl will at any time allow you to get a quick and easy overview of the current settings on a web level.
  • You can either force external users to register and authenticate, or simply accept them as anonymous guests (TWikiGuest). Since they cannot edit anyway, this is only a question of sharing intellectual property, and maybe of tracking user behaviour in logfiles.
  • Collecting external users with read-only access in a group of their own isn't really helpful in my opinion. If you want to differentiate between anonymous users and registered users, the easiest way is to deny read access for TWikiGuest.
  • If your internal network is behind a firewall (it should be), and if you have a private IP range in your internal network, you can add an extra level of security by allowing access to modifying scripts only from within that network in the web server configuration - or, depending on your network topology, you might need to explicitly exclude the external gateway from modifications.
  • Using a corporate single sign-on for internal users, and simultaneously registered external users, is a bit of a challenge and therefore postponed to the "advanced" sections :-)

Have fun!

-- HaraldJoerg - 03 Aug 2007
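
An added example, not part of the answer above and not TWiki's own code: because the CHANGE restriction has to be set once in every existing web and in the `_default` template, this Python sketch audits the text of each web's WebPreferences topic for webs where it was missed or loosened. The group name `AuthorsGroup`, the function names and the sample topic text are assumptions constructed for illustration; `ALLOWWEBCHANGE` and `DENYWEBVIEW` are TWiki's web-level access settings.

```python
import re

# A TWiki preference is a bullet at a multiple of three spaces: "   * Set NAME = value"
SET_RE = re.compile(r"^(?:\t| {3})+\*[ \t]+Set[ \t]+(\w+)[ \t]*=[ \t]*(.*)$", re.M)

def parse_settings(topic_text):
    """Return {NAME: [wiki names]}; in this sketch a later Set line replaces an earlier one."""
    settings = {}
    for name, value in SET_RE.findall(topic_text):
        # Treat "Main.AuthorsGroup" and "AuthorsGroup" as the same name
        settings[name] = [v.strip().split(".")[-1] for v in value.split(",") if v.strip()]
    return settings

def audit_web(web, prefs_text, authors="AuthorsGroup", guests_may_read=True):
    """Return findings where a web departs from 'only the authors group may CHANGE'."""
    s = parse_settings(prefs_text)
    findings = []
    allowed = s.get("ALLOWWEBCHANGE", [])
    if not allowed:
        findings.append(f"{web}: ALLOWWEBCHANGE unset or empty, CHANGE is not restricted")
    elif allowed != [authors]:
        findings.append(f"{web}: ALLOWWEBCHANGE is {allowed}, expected only {authors}")
    # Only relevant when anonymous readers are meant to be locked out
    if not guests_may_read and "TWikiGuest" not in s.get("DENYWEBVIEW", []):
        findings.append(f"{web}: TWikiGuest is not in DENYWEBVIEW, anonymous read is open")
    return findings

def audit_all(webs, **options):
    """Audit every web (name -> WebPreferences text), in sorted order."""
    return [f for web in sorted(webs) for f in audit_web(web, webs[web], **options)]

# Constructed sample topics: one correct web, one left open, one loosened template
SAMPLE_WEBS = {
    "Support": "---+ Web preferences\n"
               "   * Set ALLOWWEBCHANGE = Main.AuthorsGroup\n"
               "   * Set DENYWEBVIEW = Main.TWikiGuest\n",
    "Sandbox": "   * Set ALLOWWEBCHANGE = \n",
    "_default": "   * Set ALLOWWEBCHANGE = Main.AuthorsGroup, Main.TWikiGuest\n",
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_WEBS):
        print(finding)
```

On a real installation the input would be the text of each web's WebPreferences topic; topic-level overrides are outside what this sketch checks.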

Hi Harald,

Once again, thanks for your advice. The real fun should start once we have this up and running and in use. Then we're going to get all ambitious and start opening it up to external write-access users - at least at some level. We're looking at ways of preserving the integrity of documentation we've produced but letting users add their own comments. And, yes - single sign-on for everyone is one of our ambitions (eventually). If you hear screaming from Newcastle then you'll know it's gone wrong!!

Cheers Harald.

-- SimonKnaggs - 16 Aug 2007

Marked as answered.

-- CrawfordCurrie - 25 Aug 2007

Topic revision: r4 - 2007-08-25 - CrawfordCurrie
 
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.