Permissions Settings

Table of contents

• Permissions Settings
  • Understanding Tiki Permissions
    • How Permissions Work
  • Horizontal and vertical permissions structures.
    • Group (Vertical) Permissions
    • Category (Horizontal) Permissions
  • Managing permissions
  • Permissions by section
  • Demo site for testing
  • Category permissions
  • Workspaces
• Alias

Understanding Tiki Permissions

The most important part of Tiki administration is understanding the permission system used by Tiki. Here are the basic permission components and how they interact. A complete list of permissions can be found on the Permissions List page.

How Permissions Work

• Administrators can create and edit a Groups.
  • Each Groups can have a fully customized access to all site features.
  • Users can be assigned to one or several groups.
  • Groups can have subgroups.
  • Permissions are assigned to Groups, NOT users.
• Administrators can create and edit a Category.
  • Objects (after 1.9) can be added to categories.
  • a category can then be assigned to a group.
  • category based permissions give members of the Groups the right to view, the right to edit category contents (introduced in Tiki >1.10) or the right to manage the category (or any combination of them).
• Individual objects can have permissions applied to them directly
• If no permissions are specified for a Groups or category universal permissions apply.

When Tiki is installed, there are at least two pre-defined groups:

• Anonymous: Users that are not logged automatically belong to the anonymous group.
• Registered group: Users logged in automatically belong to this group.

What order are permissions settings applied?

• category permissions override universal (group based) permission settings.
• Individual object permissions override category permissions.
• Users will have the aggregated permissions of all Groups they are in.

For example, if a user in Group "Registered" is normally allowed to edit wiki pages, and the Category "AdminPages" only allows editing wiki pages by members of Group "Admin", the Registered user will not be able to edit wiki pages which have Category "AdminPages". If an object in Category "AdminPages" has a local setting overriding the category, then editing by Registered users may be allowed.

---

Horizontal and vertical permissions structures.

Group (Vertical) Permissions

Tikiwiki's most basic permission system is based on groups.There are two pre-defined groups:

• Anonymous: Users that are not logged in automatically belong to the anonymous group.
• Registered group: Registered users that are logged in automatically belong to this Groups

The site administrator can create multiple Groups of users, including Groups that contain other groups. For example, a school site may have Groups like this:


In the diagram above we see three groups: pupils, instructors, and administrators. The instructors and administrators are both members of a fourth Groups, school personnel. Finally all three of the lowest level Groups are part of the All School group.

A Tiki administrator would give the privileges that applied to any user to the "All School Group". The "School Personnel" Groups would be assigned all privileges that apply to both Instructors and "Administrators". Finally each individual Groups would be assigned privileges that apply only to them.

To see a step by step procedure for setting permissions, see the Groups Admin page.

Category (Horizontal) Permissions

"Horizontal permissions" enable object permissions, which are applied to categories of content. Horizontal permissions are built by creating a privilege on a category for a group. Extending our school example (see above), an administrator can use Horizontal Permissions to set up configurations like these:

• The Red Team and the Blue Team are both part of the pupils group. We can create sub-groups for each team, create categories for each team, and associate a wiki page with each category. Each team will now have a wiki page that is exclusively viewable and/or editable by their team members.
• We can create categories for status (not started, in progress, finished, testing, released) and set different permissions for each status. For instance, the "testing" team could be restricted from editing an object unless it was in testing status.

To see a step by step procedure for setting category permissions, see the Category Admin page.

Tiki provides you with virtually unlimited permission configurations for your Tiki-powered site. Tiki 1.9 offers 170+, (yes more than 170!) different permissions you can assign to any group. And Groups can be included in Groups, and thereby, inherit permissions. Below is a list of global permissions you can set Tiki-wide.

And permissions can be overriden for many features. For example, you can set permissions for image galleries in general. But say, you want a specific image gallery to have different permissions (more or less restrictive, your choice), it is easy to do. Please note that once you set a specific permission (for a specific image gallery), it completely overrides the default ones (that apply to image galleries in general). This provides you full control.

Managing permissions

Starting in Tiki4, a new interface has been designed to manage object and category permissions.

In this new interface there are three tabs. The first one to allow assigning permissions.



the second tab is to select which groups should be included in the table for assigning permissions, since when the list of groups is too big, assigning permissions could be too slow.



The third tab is also to filter the number of features that should be shown in the interface. This is specially needed when managing category permissions, to avoid having a list far bigger than needed for our purposes in specific cases.



In addition, this new interface to manage permissions includes several features:

You can assign or remove all object permissions on all child categories if this box is checked. You can filter the whole list of permissions dinamically to list only those containing some text You can expand or collapse at will any of the sections of permissions You can select one by one the permissions to be assigned or checking the box at the column title (group name) level, and that selection will propagate to all the checkbox shown in that column.

Permissions by section

Name	Description	Permissions	Can override global permissions?
Articles	Articles can be used for date-specific news and announcements. You can configure articles to automatically publish and expire at specific times or to require that submissions be approved before becoming "live." In addition to categories and tags, articles include their own unique classification system of Topics and Types.	tiki_p_edit_article tiki_p_remove_article tiki_p_read_article tiki_p_submit_article tiki_p_edit_submission tiki_p_remove_submission tiki_p_approve_submission tiki_p_admin_cms tiki_p_autoapprove_submission tiki_p_topic_read	via topic_read
Forum	Online discussions on a variety of topics. Threaded or flat. File attachments, etc	tiki_p_admin_forum tiki_p_forum_post tiki_p_forum_post_topic tiki_p_forum_read tiki_p_forum_vote tiki_p_forums_report tiki_p_forum_attach tiki_p_forum_autoapp	yes
File Gallery	Computer files, videos or software for downloading. With check-in & check-out (lock)	tiki_p_admin_file_galleries tiki_p_create_file_galleries tiki_p_upload_files tiki_p_download_files tiki_p_view_file_gallery tiki_p_batch_upload_files	yes
Calendar	Events calendar with public, private and group channels	tiki_p_view_calendar tiki_p_change_events tiki_p_add_events tiki_p_admin_calendar tiki_p_view_tiki_calendar	yes
Image Gallery	Collections of graphic images for viewing or downloading (photo album)	tiki_p_admin_galleries tiki_p_create_galleries tiki_p_upload_images tiki_p_view_image_gallery tiki_p_batch_upload_images tiki_p_batch_upload_image_dir	yes
Tracker	Facts and figures storage & retrieval. A forms & database generator, with reporting. Can be used for a bug tracker, item database, issue tracker, etc	tiki_p_modify_tracker_items tiki_p_comment_tracker_items tiki_p_create_tracker_items tiki_p_admin_trackers tiki_p_view_trackers tiki_p_attach_trackers tiki_p_view_trackers_pending tiki_p_view_trackers_closed tiki_p_tracker_view_ratings tiki_p_tracker_vote_ratings	yes
Wiki	Collaboratively authored documents with history of changes. Tiki's Wiki has all the features you could want from a first-rate wiki. Ex.: attach files, comments, history, images, warn on edit, page locking, powerful wiki syntax, etc	tiki_p_edit tiki_p_view tiki_p_remove tiki_p_rollback tiki_p_admin_wiki tiki_p_wiki_attach_files tiki_p_wiki_admin_attachments tiki_p_wiki_view_attachments tiki_p_upload_picture tiki_p_minor tiki_p_rename tiki_p_lock tiki_p_edit_structures tiki_p_edit_copyrights tiki_p_wiki_view_comments tiki_p_wiki_view_ratings tiki_p_wiki_vote_ratings tiki_p_wiki_admin_ratings tiki_p_wiki_view_history tiki_p_use_HTML	yes
Map	Navigable, interactive maps with user-selectable layers (requires mapserver)	tiki_p_map_edit tiki_p_map_create tiki_p_map_delete tiki_p_map_view tiki_p_map_view_mapfiles
MyTiki	Provide content organization and communication tools for registered users Bookmark, User Preferences, Watch, User Menu, Task, Inter-User Messages, User Files, Notepad and Mini Calendar	tiki_p_configure_modules tiki_p_minical	N/A
Survey	Questionnaire with multiple choice or open ended question	tiki_p_admin_surveys tiki_p_take_survey tiki_p_view_survey_stats	yes
Quiz	Timed questionnaire with recorded scores	tiki_p_admin_quizzes tiki_p_take_quiz tiki_p_view_quiz_stats tiki_p_view_user_results	yes
Directory (links)	User-submitted Web links	tiki_p_admin_directory tiki_p_view_directory tiki_p_admin_directory_cats tiki_p_admin_directory_sites tiki_p_submit_link tiki_p_autosubmit_link tiki_p_validate_links	yes
Featured links	Simple menu system which can optionally add an external web page in an iframe
Task	To do list. Can send tasks to other users. Also shared group tasks.	tiki_p_tasks tiki_p_tasks_send tiki_p_tasks_receive tiki_p_tasks_admin	N/A
Slideshow	Turn a wiki page into slideshow by using more than one title bar in the page. You can also make slideshows from a structure. Here is a nice example of a slideshow about Using a Wiki as an Organizational Portal
Kaltura Video	Collaborative video editing
Chat	Real-time group text chatting	tiki_p_admin_chat tiki_p_chat
MyTiki Inter-User Messages	Enable users to send internal messages to each other. (like email but internal to your tiki site). A broadcast is a message sent to many users, the message can be sent to a Tiki group or to all users (if permissions are ok).	tiki_p_messages tiki_p_broadcast tiki_p_broadcast_all	N/A
Spreadsheet	Datasheets with calculations and charts	tiki_p_admin_sheet tiki_p_edit_sheet tiki_p_view_sheet tiki_p_view_sheet_history	no
FAQ	Frequently asked questions and answers	tiki_p_admin_faqs tiki_p_view_faqs tiki_p_suggest_faq	no
Newsletters	Content mailed to registered users	tiki_p_admin_newsletters tiki_p_subscribe_newsletters tiki_p_subscribe_email tiki_p_send_newsletters	yes
Blog	Online diaries or journals	tiki_p_create_blogs tiki_p_blog_post tiki_p_blog_admin tiki_p_read_blog	yes
Live support	One-on-one chatting with customer	tiki_p_live_support_admin tiki_p_live_support
HTML page	Static and dynamic HTML content. Note: HTML can be used in wiki pages. This is a separate feature.	tiki_p_view_html_pages tiki_p_edit_html_pages
Gmap	Use of Google Maps interactively inside Tiki.
User Files	Users upload files and store them in their tiki personal space, they can then download the files.	tiki_p_userfiles
User notepad	Users can write, upload, download and read notes. Notes can be read as raw text files or as Wiki pages interpreting the Wiki markup syntax. The user-quota that admin can control is used to set the maximum size that user notes can take.	tiki_p_notepad	N/A
User Page	Permits each user to have a personal wiki page.
Shoutbox	Quick comment (graffiti) box. Like a group chat, but not in real time.	tiki_p_view_shoutbox tiki_p_admin_shoutbox tiki_p_post_shoutbox	no
Contact	Basic form from visitor to admin		N/A
MyTiki Webmail	Give users Web-based access to their POP3 e-mail accounts	tiki_p_use_webmail	N/A
Friendship network	Users can identify other users as their friends.
WebHelp	The generated webhelp is a static representation of the structure with a js tree that can be used to navigate the structure and a search function, print function, history and some other gizmos.

Demo site for testing

Login here: (user: admin / password: demo) to test giving permissions:
http://demo.opensourcecms.com/tiki/tiki-assignpermission.php?group=Registered

Category permissions

There is also a new feature in Tiki 1.9.x to restrict permissions via the category feature. Basically, you can already assign all the permissions you need as described above. However, permissions via the category feature is just to make it faster to assign permissions. This feature is little tricky to understand. We are working to improve it. There are only two levels ("view" & "admin") in Tiki 1.9.4, and the third level ("edit" category contents) has been introduced in starting from 1.10.

Starting in 3.0, category permissions are in addition to Groups permissions. So if tiki_p_read_categorized allows reading items which are in a category, the user must also be in a group which allows reading the specific kind of object. The category can not grant access to an object which the user's groups do not give him access to.

In Tiki4, the full granularity of permissions can be assigned to categories (and thus inherited when objects belong to a given category). Another change in Tiki4 is that in addition to granting appropriate permissions from the group "category", it is also required that users or groups are granted the "tiki_p_modify_object_categories" privilege in order to allow those users and groups to add objects to categories (this includes creating new pages).

Workspaces

Workspaces are coming to Tiki4 to further facilitate management of large & complex Tiki sites.

Alias

• ACL
• ACLs
• permission
• perm
• perms
• right
• rights

---