SID-00763: Access control check on existance of a user

Status:	Answered	TWiki version:	4.3.2	Perl version:	5.8
Category:	CategorySecurity	Server OS:	RH	Last update:	1 year ago

Access control can be set in a topic as

    * Set DENYTOPICVIEW = Main.TWikiGuest

In use cases we find that the Main part of the above is sometimes left out and so the topic is not protected as expected.

Should access control check if a WikiWord in the access control list exists as a user as in TWikiUser

-- PeterJones - 2010-02-24

Discussion and Answer

I am not positive, but I recall that the web part is optional, e.g. you get a broken link, but access control still works based on the name of the user or group. Needs to be verified.

Access control settings in Main web should not require a web prefix. In fact, for readability it is better to omit the web if in the Main web.

We could add a check for web prefix unless in Main web, but rather than that I'd prefer a GUI for access control, e.g. point & click to define groups and to set access control on web level and page level.

-- PeterThoeny - 2010-02-25

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider a subscription for support or engage one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2010-04-05

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.