History: Permission Management
Source of version: 21
Copy to clipboard
A profile would not be very useful if it could not grant rights appropriately for groups. Profiles allow to create groups and to modify the permissions of existing groups using a unified syntax.
The permissions block is a top level block.
!Example
!!Group Permissions Example
{CODE(caption=>YAML,wrap=>1)}
permissions:
Anonymous:
allow: [ export_wiki ]
Registered:
description: Will be ignored because group is already created
allow: [ edit, minor ]
deny: [ export_wiki ]
Moderators:
description: Trusted users watching the recent changes to avoid spam
allow: [ rollback ]
include: [ Registered ]
{CODE}
!!Group Permissions and Object Permissions Example
{CODE(caption=>YAML,wrap=>1)}
permissions:
Anonymous:
allow: [ export_wiki ]
Registered:
description: Will be ignored because group is already created
allow: [ edit, minor ]
deny: [ export_wiki ]
Moderators:
description: Trusted users watching the recent changes to avoid spam
allow: [ rollback ]
include: [ Registered ]
objects:
-
type: forum
id: $moderator_discussion_forum
allow: [ forum_post, forum_post_topic, forum_read ]
{CODE}
!! Dynamic group name example
The dynamic groups are useful when ((Data Channels)) are used to set-up workspaces. Based on user input or object reference, a dynamic group name can be created and used instead of the simple group name.
{CODE(caption=>YAML,wrap=>1)}
mappings:
Member: Member ($profileobject:some_ref$)
Leader: Leader ($profileobject:some_ref$)
permissions:
Member:
allow: [ view, edit ]
Leader:
allow: [ view, edit, rollback ]
{CODE}
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using ((Object References)). The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
!Group attributes
Unless mentioned otherwise, these attributes only apply on group creation
||__Field name__|__Mandatory__|__Value__
description| |Group description
allow| |List of permissions granted to the group. Permissions are as used in tikiwiki, except initial ''tiki_p_'' is removed. Applies on existing groups.
deny| |Negative permissions. Same as ''allow''. Applies on existing groups.
include| |Group name or list of included groups. Applies even if the group exists. Will replace the current list of included groups.
objects| |List of ''objects permissions''. (see below)
home| |URL of the group home.
theme| |Default theme for members.
user_signup| |y or n, users can join this group themselves
default_category| |Category ID.
user_tracker| |Tracker ID.
group_tracker| |Tracker ID.
registration_fields| |List of tracker fields to display in the registration form.
||
!Object permissions
||__Field name__|__Mandatory__|__Value__
type|yes|Object type, as known in tikiwiki or profiles
id|yes|Object ID.
allow| |Similar to group allow.
deny| |Similar to group deny
||
!!Related tool
^The YAML Camel for permissions.
You can use {file name="YAML Camel - Permissions.xlsx" page="PermissionManagement" desc="this spreadsheet"} to create (most of) the YAML markup you need to create a permissions profile. (Excel 2007)^