Difference between revisions of "Manual:Extension/BlueSpicePermissionManager"

(Where to find the function PermissionManager?)
m
(Tag: 2017 source edit)
 

What is PermissionManagerBlueSpicePermissionManager?[edit | edit source]

PermissionManager allows an easy and convenient management of usergroup rights in a graphical interfaceBlueSpicePermissionManager offers easy and user-friendy way to manage user permissions on the wiki.

Where to find the function PermissionManager?BlueSpicePermissionManager[edit | edit source]

Firstly, you will need admin rights in order to call up the permission manager. If you have the right permissions, you will find "Permission manager" in the left navigation bar under "Admin". Click on the link and you will be taken to the administration page.

Sceenshot: Open the permission manager in the admin areaThe functionality of PermissionManager
PermissionManager1a.png

BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to Special:PermissionManager

Using the BlueSpicePermissionManager[edit | edit source]

Choose one of the three work modes in the drop-down menu:

  • Group: An array is displayed for a chosen user group showing the namespaces and the permissions attached.
  • Namespace: An array is displayed for a chosen namespace showing the user groups and the permissions attached.
  • Permission: An array is displayed for a chosen permission showing the user groups and the namespaces.

PERMISSION MANAGER EXPLAINEDThe role system[edit | edit source]

Permission manager is used to grant or revoke permissions. On the left side there is Groups menu that can be shown by clicking on the arrow at the top. It shows permission groups hierarchy. The asterisk (*) group includes all users that enter wiki, regardless of whether they are logged in or not. The "user" group applies to all logged in users. This groups holds different sub-groups, some of which are default to MediaWiki while others may be custom. Clicking on the group name shows (in the list to the right) all permissions granted to the group. You can add permissions by checking appropriate check box.

Assigning permissions Permissions can be granted for entire wiki (by checking "Wiki" checkbox) or only for selected namespaces. Assigning permissions follows an inheritance model. If you add permission to (*) group it will also be assigned to "user" and all sub-groups of "user". It will show like green unchecked field. When a permission is not explicitly granted to a group but its inherited from a parent group, field will appear as green and not checked

When explicitly adding permission to one groups (for entire wiki or just for one namespace) all other groups in the same hierarchy level will lose this permission.

Templates You can create templates for permissions. Templates represent collection of permissions to make permission management more straight-forward. Templates are added/edited in Template editor (click on "Edit templates" buttom at the bottom). Enter name for template, description and select permissions that will be managed by this template. When template is added it will appear at the top of the permission lists and assigning it to a group will grant all permissions defined in the template, and at the same time revoke these permissions from other groups in the same hierarchy level.

Assign the permissions as you want in the table. The permissions are colour coded. The explatation for the coding can be found in "Good to know". You can also work with permission-templates, also called roles. Such roles contain a collection of permissions. Screenshot: Settings in the PermissionManager

Good to know:

  • Assigning permissions to groups and namespaces can be done either by choosing a permission-template (role) or by choosing individual permissions.
  • Permission-templates are defined by using unique (descriptive) names.
  • A permission-template is a freely definable collection of permissions.
  • Management of permission-templates is a component of the PermissionManager (with its own dialogue).
  • The first step to set permissions is to set them in the first folder - for the whole wiki (*).
  • The permissions you set for a group, will be set automatically for the following folders, for the wiki and all namespaces (green coloured - not checked).
  • If you want to give the groups more/different permissions - maybe in different namespaces - you can select them manually, but if you do that, the other groups, in the same hierarchy level, lose that permission for the namespace you choosen.
User permissions

User:

  • Read: lets the user view pages.
  • Edit: allows the user to edit unprotected pages.
  • Create page: allows the user to create new pages (edit permission is needed here).
  • Rollback: lets the user roll back the article with a click, restoring a previous version from another author. If this permission is activated, you can find the rollback button under History next to "undo" by the last change.
  • Import: allows the user to import an article from another wiki in one go (Transwiki).

Sysop:

  • Createtalk: allows the user to create a new talk page (edit permission is needed here).
  • Writeapi: controls access to the write API ($wgEnableWriteAPI must be set to true), this means commands can be given using this external interface.
  • Upload: allows the creation of new pictures and files, i.e. pictures and files can be uploaded.
  • Files: allows the user to view files which have been uploaded (needs secure:Image), e.g. unregistered users can not see word or PDF documents.
  • Delete: allows the user to delete pages (can be found under more).
  • Move: allows the user to change the title of unprotected pages (edit permission is needed here) via move (can be found under more).
  • Move-subpages: this moves subpages along with the main page to which they are assigned (move permission is needed here). If the user has this permission, subpages are automatically moved with main pages.
  • Protect: allows the user to lock a page preventing it from being edited or moved (protect can be found under more). Editing a protected page is possible for those with this permission.
  • Block: allows the user to block IP addresses and registered users. There are various block options including stopping a user from editing and from registering new accounts and automatic blocking of other users with the same IP address. This takes place via the special page Block user.
  • Createaccount: allows the user to create new accounts (via WikiAdmin - User manager).
  • Bigdelete: allows the user to delete pages which are larger than the limit $wgDeleteRevisionsLimit. The variable DeleteRevisionsLimit can be set up in advance.
  • Undelete: allows the user to restore deleted pages.
  • Editusercssjs: allows the user to create and edit their own Monobook style and scripts.
  • Markbotedits: lets the user mark a rollback as a bot edit.
  • Suppressredirect: allows moving a page without automatically setting up a redirect. A token can be placed when the page is moved.
  • Apihighlimits: gives a user a higher limit for API queries; this ia a special permission to allow several actions to be carried out at once.
  • Browsearchive: allows the user to search for prefixes of titles of deleted pages via Special:Undelete.
  • Noratelimit: the user is not affected by rate limits.
See: User Rights

BlueSpice[edit | edit source]

WikiAdmin

User permissions

Definition

user group

editadmin

gives the user access to the module Search and, where appropriate PageTemplates in the WikiAdmin area

sysop

useradmin

gives the user access to the module User and if appropriate Groups in the WikiAdmin area

sysop

wikiadmin

grants the user full access to the WikiAdmin area

sysop

Responsible editor

User permissions

Definition

User group

responsibleeditors-changeresponsibility

lets the user change the responsible editors for a page.

sysop

responsibleeditors-viewspecialpage

lets the user see the overview of the responsible editors.

user

responsibleeditors-takeresponsibility

lets the user be assigned as a responsible editor for an article.

user

SecureFileStore

User permissions

Definition

User group

viewfiles

lets the user download and/or view files which have been uploaded.

user

ExtendedSearch

User permissions

Definition

User group

searchfiles

allows the user to search for files. Lets the user tick the extended search option Search files.

user

Review

User permissions

Definition

User group

workflowview

lets the user view work flows

user

workflowedit

lets the user create, edit, change and delete work flows

sysop

SecureFileStore

User permissions

Definition

user group

viewfiles

lets the user download and/or view files which have been uploaded.

user

Shoutbox

User permissions

Definition

user group

readshoutbox

lets the user read commentaries made using the Shoutbox.

user

writeshoutbox

lets the user add comments to the Shoutbox

sysop

Universal Export

User permissions

Definition

user group

universalexport-export

allows the user to create PDF files.

user

universalexport-export-with-attachments

allows the user to create PDF files with file attachments.

user

MediaWiki Extensions[edit | edit source]

Flagged Revisions

User permissions

Definition

user group

review

lets the user review changes.

sysop

validate

lets the user validate changes.

-

autoreview

automatically marks those edits which a user has made themselves as reviewed

sysop

unreviewedpages

lets the user see the page Special:Unreviewed pages.

sysop

Nuke

User permissions

Definition

user group

nuke

allows the user to delete articles on mass.

sysop

Permission-templates[edit | edit source]

PermissonManager lets you make regularly recurring assignments easily by using permission templates, or roles. For example, when you need to supply a new namespace with the relevant group permissions.

Create templates[edit | edit source]

To create a new role, click on "Admin" in the left hand navigation bar. Then choose "Permission manager". And click on "Edit templates".

Add template[edit | edit source]

To add a new role, you can simply click the "New" button. Existing templates can be selected and then edited. The description is only for internal use for wiki admins. All permissions known to the wiki are listed here and can be selected and deselected.

Screenshot: Template editor of the permission managers

Assign group permissions[edit | edit source]

After saving, the groups will be chosen which should be assigned the permissions of the role. A simple click on the desired namespace is enough to validate the role.

Preferences[edit | edit source]

Have a look at the admin preferences to define the PermissionManager.

Screenshots: Admin preferences
Icon-link.png

Related topics

See also[edit | edit source]

Our reference pageSince BlueSpice version 3.0, roles, as a way to manage wiki rights, are introduced. The main intention of using roles is to simplify rights management and make it more straigh-forward. Roles represent a collection of individual permissions that are necessary to perform certain function on the wiki. For example, for a user who is supposed only to be able to read the wiki, many permissions in addition to the "read" permissions are needed, like ability to change own settings, be able to search the wiki, view page ratings... All those permissions that make a logical group, are encapsulated to a role, in this example to the role "reader". This way, if wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group "reader" role, instead of assigning tens of different rights, which would such user group require.

Other functions on the wiki would also rights required for them encapsulated in a role.

By assigning role to a group, all users belonging to that group will receive rights contained in the role.

BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions.

Default roles[edit | edit source]

By default BlueSpicePermissionManager offers a number of pre-defined roles that are created to serve most of the user needs on the wiki:

  • bot - role that should be typically assigned only to the "bot" group.
  • admin - role that contains all available rights, and should be assigned only to wiki-admin groups.
  • maintenanceadmin - very similar to "admin" role, used for user groups that are responsible for maintaining wiki integrity
  • author - this role contains all permissions necessary for creating content on the wiki.
  • editor - role meant for user groups that are able to not only create own content, but to edit, create reviews and delete all content of the wik
  • reviewer - role that allows users to perform all reviewing actions on the wiki
  • accountmanager - role means for users that will manage user accounts
  • structuremanager - this role allows users to manage the structure of the wiki - move (rename) pages, create and delete namespaces...
  • reader - role that allows basic read-only access to the wiki
  • accountselfcreate - this role must be assinged to the "*" groups, in order to allow users to create user accounts by themselves
  • commenter - role for users that cannot create and edit content, but can comment on the existing content

Layout of BlueSpicePermissionManager[edit | edit source]

Adding namespaces to the role matrix

BlueSpicePermissionManager consists of:

  • the group tree on the left - showing all the groups available on the wiki in the hierarchy.
    • Group "*" - all non-logged-in users (anonymous) users belong to this group
    • Group "user" - all logged-in users belong to this group. This is the default group for all users on the wiki, every user belongs to this group by default
    • Subgroups of group "user" - all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking "Show system groups" checkbox above the tree.
  • Role matrix - table showing namespaces in columns and roles in rows

Role matrix[edit | edit source]

Viewing permissions contained in a role

The columns in the role matrix are:

  • Role information column - represented by an info icon. Clicking on this icon opens a dialog listing all the permissions contained in a particular role. The list shows permission names and short description. This list is exportable.
  • Role name
  • "Wiki" column - this column represents assignment of a role to the entire wiki. By assigning the role in this column, user group will receive permissions in the role everywhere on the wiki (all namespaces).
  • Individual namespaces - Following columns represent every (applicable) namespace on the wiki.
    • Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespaces. By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
    • Same role can be granted to multiple groups for the same namespace.
    • Which namespace will appear in the matrix can be controlled by adding column to the grid, by clicking on the arrow in table header, then "Columns" and selecting desired columns.

Role inheritance[edit | edit source]

By default, all roles granted to "*" group will be granted to "user" group, and all roles granted to "user" group will be granted to all of the groups that are a sub-group of the group "user". If a group inherits the role from upper-level group field in the role matrix will be shown in green, but the checkbox won't be checked.

Technical[edit | edit source]

Logging[edit | edit source]

Every change to the roles is logged in the MediaWiki log book, found under Special:Log under Permission Manager log type. These logs are availble only to wiki administrators (users in groups that have "admin" role granted).

Backups[edit | edit source]

All changes to role matrix is backed-up. By default, last 5 backups are being kept. This limit can be changed in BlueSpiceConfigManager, under configs for extension BlueSpicePermissionManager.


See also[edit | edit source]

Reference page for this extension.

<bs:bookshelf src="Book:User manual" />
        

        __TOC__
        

        ==What is PermissionManager?==
            

            '''PermissionManager''' allows an easy and convenient management of usergroup rights in a graphical interface.
            

            ==Where to find the function PermissionManager?==
            

            Firstly, you will need admin rights in order to call up the permission manager. If you have the right permissions, you will find "Permission manager" in the left navigation bar under "Admin". Click on the link and you will be taken to the administration page.
            

            ::: [[File:BlueSpice223-PermissionManager-Navigation-en.png|thumb|none|220px|Sceenshot: Open the permission manager in the admin area]]
            

            ==The functionality of PermissionManager==
            

            Choose one of the three work modes in the drop-down menu:
            

            * '''Group:''' An array is displayed for a chosen user group showing the namespaces and the permissions attached.
            
            * '''Namespace:''' An array is displayed for a chosen namespace showing the user groups and the permissions attached.
            
            * '''Permission:''' An array is displayed for a chosen permission showing the user groups and the namespaces.
            

            ===PERMISSION MANAGER EXPLAINED===
            

            Permission manager is used to grant or revoke permissions.
            
            On the left side there is Groups menu that can be shown by clicking on the arrow at the top.
            
            It shows permission groups hierarchy. The asterisk (*) group includes all users that enter wiki, regardless of whether they are logged in or not. The "user" group applies to all logged in users. This groups holds different sub-groups,
            
            some of which are default to MediaWiki while others may be custom. Clicking on the group name shows (in the list to the right) all permissions granted to the group. You can add permissions by checking appropriate check box.
            

            Assigning permissions
            
            Permissions can be granted for entire wiki (by checking "Wiki" checkbox) or only for selected namespaces.
            
            Assigning permissions follows an inheritance model. If you add permission to (*) group it will also be assigned to "user" and all sub-groups of "user". It will show like green unchecked field. When a permission is not explicitly
            
            granted to a group but its inherited from a parent group, field will appear as green and not checked
            

            When explicitly adding permission to one groups (for entire wiki or just for one namespace) all other groups in the same hierarchy level will lose this permission.
            

            Templates
            
            You can create templates for permissions. Templates represent collection of permissions to make permission management more straight-forward. Templates are added/edited in Template editor (click on "Edit templates" buttom at the bottom).
            
            Enter name for template, description and select permissions that will be managed by this template.
            
            When template is added it will appear at the top of the permission lists and assigning it to a group will grant all permissions defined in the template, and at the same time revoke these permissions from other groups in the same hierarchy level.
            

            Assign the permissions as you want in the table. The permissions are colour coded. The explatation for the coding can be found in "Good to know". You can also work with permission-templates, also called '''roles'''. Such roles contain a collection of permissions.
            
            [[File: BlueSpice223-PermissionManager-Dialog-en.png|thumb|none|700px|Screenshot: Settings in the PermissionManager]]
            

            '''Good to know:'''
            

            * Assigning permissions to groups and namespaces can be done either by choosing a permission-template (role) or by choosing individual permissions.
            
            * Permission-templates are defined by using unique (descriptive) names.
            
            * A permission-template is a freely definable collection of permissions.
            
            * Management of permission-templates is a component of the PermissionManager (with its own dialogue).
            

            * The first step to set permissions is to set them in the first folder - for the whole wiki (*).
            
            * The permissions you set for a group, will be set automatically for the following folders, for the wiki and all namespaces (green coloured - not checked).
            
            * If you want to give the groups more/different permissions - maybe in different namespaces - you can select them manually, but if you do that, the other groups, in the same hierarchy level, '''lose that permission''' for the namespace you choosen.
            

            '''User permissions'''
            

            User:
            

            * Read: lets the user view pages.
            

            * Edit: allows the user to edit unprotected pages.
            

            * Create page: allows the user to create new pages (edit permission is needed here).
            

            * Rollback: lets the user roll back the article with a click, restoring a previous version from another author. If this permission is activated, you can find the rollback button under History next to "undo" by the last change.
            

            * Import: allows the user to import an article from another wiki in one go ('''Transwiki''').
            

            Sysop:
            

            * Createtalk: allows the user to create a new talk page (edit permission is needed here).
            

            * Writeapi: controls access to the write API ($wgEnableWriteAPI must be set to true), this means commands can be given using this external interface.
            

            * Upload: allows the creation of new pictures and files, i.e. pictures and files can be uploaded.
            

            * Files: allows the user to view files which have been uploaded (needs secure:Image), e.g. unregistered users can not see word or PDF documents.
            

            * Delete: allows the user to delete pages (can be found under ''more'').
            

            * Move: allows the user to change the title of unprotected pages (edit permission is needed here) via ''move'' (can be found under ''more'').
            

            * Move-subpages: this moves subpages along with the main page to which they are assigned (move permission is needed here). If the user has this permission, subpages are automatically moved with main pages.
            

            * Protect: allows the user to lock a page preventing it from being edited or moved (''protect'' can be found under ''more''). Editing a protected page is possible for those with this permission.
            

            * Block: allows the user to block IP addresses and registered users. There are various block options including stopping a user from editing and from registering new accounts and automatic blocking of other users with the same IP address. This takes place via the special page ''Block user''.
            

            * Createaccount: allows the user to create new accounts (via WikiAdmin - User manager).
            

            * Bigdelete: allows the user to delete pages which are larger than the limit $wgDeleteRevisionsLimit. The variable DeleteRevisionsLimit can be set up in advance.
            

            * Undelete: allows the user to restore deleted pages.
            

            * Editusercssjs: allows the user to create and edit their own Monobook style and scripts.
            

            * Markbotedits: lets the user mark a rollback as a bot edit.
            

            * Suppressredirect: allows moving a page without automatically setting up a redirect. A token can be placed when the page is moved.
            

            * Apihighlimits: gives a user a higher limit for API queries; this ia a special permission to allow several actions to be carried out at once.
            

            * Browsearchive: allows the user to search for prefixes of titles of deleted pages via Special:Undelete.
            

            * Noratelimit: the user is not affected by rate limits.
            

            See: [http://www.mediawiki.org/wiki/Manual:User_rights#List_of_Permissions User Rights]
            

            ===BlueSpice===
            

            '''WikiAdmin'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            editadmin
            

            | style="border: 1px solid #ebecec;"|
            
            gives the user access to the module ''Search'' and, where appropriate ''PageTemplates'' in the WikiAdmin area
            

            | style="border: 1px solid #ebecec;"|
            
            sysop
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            useradmin
            

            | style="border: 1px solid #ebecec;"|
            
            gives the user access to the module ''User'' and if appropriate ''Groups'' in the WikiAdmin area
            

            | style="border: 1px solid #ebecec;"|
            
            sysop
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            wikiadmin
            

            | style="border: 1px solid #ebecec;"|
            
            grants the user full access to the WikiAdmin area
            

            | style="border: 1px solid #ebecec;"|
            
            sysop
            

            |}
            

            '''Responsible editor'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''User group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            responsibleeditors-changeresponsibility
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user change the responsible editors for a page.
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            sysop
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            responsibleeditors-viewspecialpage
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user see the overview of the responsible editors.
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            user
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            responsibleeditors-takeresponsibility
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user be assigned as a responsible editor for an article.
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            user
            

            |}
            

            '''SecureFileStore'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''User group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            viewfiles
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user download and/or view files which have been uploaded.
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |}
            

            '''ExtendedSearch'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''User group'''
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            searchfiles
            

            | style="border: 1px solid #ebecec;"|
            
            allows the user to search for files. Lets the user tick the extended search option ''Search files''.
            

            | style="border: 1px solid #ebecec;"|user
            
            |}
            

            '''Review'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="width: 20%; border: 1px solid #ebecec;"|
            
            '''User permissions'''
            

            ! style="border-color: #ebecec; border-style: solid;"|
            
            '''Definition'''
            

            ! style="border-color: #ebecec; border-style: solid;"|
            
            '''User group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            workflowview
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user view work flows
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            workflowedit
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user create, edit, change and delete work flows
            

            | style="border-color: #ebecec; border-style: solid;"|sysop
            
            |}
            

            '''SecureFileStore'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            viewfiles
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user download and/or view files which have been uploaded.
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |}
            

            '''Shoutbox'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            readshoutbox
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user read commentaries made using the Shoutbox.
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            writeshoutbox
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            lets the user add comments to the Shoutbox
            

            | style="border-color: #ebecec; border-style: solid;"|sysop
            
            |}
            

            '''Universal Export'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border: 1px solid #ebecec; width: 20%;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            universalexport-export
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            allows the user to create PDF files.
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |-
            
            | style="border-color: #ebecec; border-style: solid;"|
            
            universalexport-export-with-attachments
            

            | style="border-color: #ebecec; border-style: solid;"|
            
            allows the user to create PDF files with file attachments.
            

            | style="border-color: #ebecec; border-style: solid;"|user
            
            |}
            

            ===MediaWiki Extensions===
            
            '''Flagged Revisions'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border-image: initial; width: 20%; border: 1px solid #ebecec;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            review
            

            | style="border: 1px solid #ebecec;"|
            
            lets the user review changes.
            

            | style="border: 1px solid #ebecec;"|sysop
            
            |-
            
            | style="border: 1px solid #ebecec;"|
            
            validate
            

            | style="border: 1px solid #ebecec;"|
            
            lets the user validate changes.
            

            | style="border: 1px solid #ebecec;"|-
            
            |-
            
            | style="border: 1px solid #ebecec;"|
            
            autoreview
            

            | style="border: 1px solid #ebecec;"|
            
            automatically marks those edits which a user has made themselves as reviewed
            

            | style="border: 1px solid #ebecec;"|sysop
            
            |-
            
            | style="border: 1px solid #ebecec;"|
            
            unreviewedpages
            

            | style="border: 1px solid #ebecec;"|
            
            lets the user see the page ''Special:Unreviewed pages''.
            

            | style="border: 1px solid #ebecec;"|sysop
            
            |}
            

            '''Nuke'''
            

            {| class="contenttable" style="width: 100%;" border="0"
            
            |-
            
            ! style="border-image: initial; width: 20%; border: 1px solid #ebecec;"|
            
            '''User permissions'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''Definition'''
            

            ! style="border: 1px solid #ebecec;"|
            
            '''user group'''
            

            |-
            
            | style="border: 1px solid #ebecec;"|
            
            nuke
            

            | style="border: 1px solid #ebecec;"|
            
            allows the user to delete articles on mass.
            

            | style="border: 1px solid #ebecec;"|sysop
            
            |}
            
<!--==Tips for working with PermissionManager==-->
            

            ==Permission-templates==
            

            PermissonManager lets you make regularly recurring assignments easily by using permission templates, or roles. For example, when you need to supply a new namespace with the relevant group permissions.
            

            ===Create templates===
            

            To create a new role, click on "Admin" in the left hand navigation bar. Then choose "Permission manager". And click on "Edit templates".
            

            ===Add template===
            

            To add a new role, you can simply click the "New" button. Existing templates can be selected and then edited. The description is only for internal use for wiki admins. All permissions known to the wiki are listed here and can be selected and deselected.
            

            [[File:BlueSpice223-PermissionManager-Template-en.png|thumb|none|700px|Screenshot: Template editor of the permission managers]]
            

            ===Assign group permissions===
            

            After saving, the groups will be chosen which should be assigned the permissions of the role. A simple click on the desired namespace is enough to validate the role.
            

            ==Preferences==
            

            Have a look at the [[Preferences|admin preferences]] to define the PermissionManager.
            
            [[File:BlueSpice227-PermissionManager-AdminEinstellungen-en.png|thumb|none|400px|Screenshots: Admin preferences]]
            

            {{Box_Links-en | Thema1 =[[UserManager|User Manager]] | Thema2 =[[GroupManager|Group Manager]] | Thema3 = | Thema4 = }}
            

            ==See also==
            

            Our [[PermissionManager|reference page.]]BlueSpicePermissionManager?==
            

            '''BlueSpicePermissionManager''' offers easy and user-friendy way to manage user permissions on the wiki.
            

            ==Where to find BlueSpicePermissionManager==
            
            [[File:PermissionManager1a.png|thumb]]
            

            BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to <code>Special:PermissionManager</code>
            
            {{Clear}}
            

            ==Using the BlueSpicePermissionManager==
            
            ===The role system===
            
            Since BlueSpice version 3.0, roles, as a way to manage wiki rights, are introduced.
            
            The main intention of using roles is to simplify rights management and make it more straigh-forward.
            
            Roles represent a collection of individual permissions that are necessary to perform certain function on the wiki. For example, for a user who is supposed only to be able to read the wiki, many permissions in addition to the "read" permissions are needed, like ability to change own settings, be able to search the wiki, view page ratings...
            
            All those permissions that make a logical group, are encapsulated to a role, in this example to the role "reader".
            
            This way, if wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group "reader" role, instead of assigning tens of different rights, which would such user group require.
            

            Other functions on the wiki would also rights required for them encapsulated in a role.
            

            By assigning role to a group, all users belonging to that group will receive rights contained in the role.
            

            BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions.
            

            ====Default roles====
            
            By default BlueSpicePermissionManager offers a number of pre-defined roles that are created to serve most of the user needs on the wiki:
            
            * '''bot '''- role that should be typically assigned only to the "bot" group.
            
            * '''admin '''- role that contains all available rights, and should be assigned only to wiki-admin groups.
            
            * '''maintenanceadmin '''- very similar to "admin" role, used for user groups that are responsible for maintaining wiki integrity
            
            * '''author '''- this role contains all permissions necessary for creating content on the wiki.
            
            * '''editor '''- role meant for user groups that are able to not only create own content, but to edit, create reviews and delete all content of the wik
            
            * '''reviewer '''- role that allows users to perform all reviewing actions on the wiki
            
            * '''accountmanager '''- role means for users that will manage user accounts
            
            * '''structuremanager '''- this role allows users to manage the structure of the wiki - move (rename) pages, create and delete namespaces...
            
            * '''reader''' - role that allows basic read-only access to the wiki
            
            * '''accountselfcreate '''- this role must be assinged to the "*" groups, in order to allow users to create user accounts by themselves
            
            * '''commenter '''- role for users that cannot create and edit content, but can comment on the existing content
            

            ===Layout of BlueSpicePermissionManager===
            
            [[File:PermissionManager2a.png|thumb|Adding namespaces to the role matrix]]
            
            BlueSpicePermissionManager consists of:
            
            * the group tree on the left - showing all the groups available on the wiki in the hierarchy. 
            
            ** Group "*" - all non-logged-in users (anonymous) users belong to this group
            
            ** Group "user" - all logged-in users belong to this group. This is the default group for all users on the wiki, every user belongs to this group by default
            
            ** Subgroups of group "user" - all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking "Show system groups" checkbox above the tree.
            
            * Role matrix - table showing namespaces in columns and roles in rows
            

            ===Role matrix===
            
            [[File:PermissionManager3a.png|thumb|Viewing permissions contained in a role]]
            
            The columns in the role matrix are:
            
            * Role information column - represented by an info icon. Clicking on this icon opens a dialog listing all the permissions contained in a particular role. The list shows permission names and short description. This list is exportable.
            
            * Role name
            
            * "Wiki" column - this column represents assignment of a role to the entire wiki. By assigning the role in this column, user group will receive permissions in the role everywhere on the wiki (all namespaces).
            
            * Individual namespaces - Following columns represent every (applicable) namespace on the wiki.
            
            ** Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespaces. By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
            
            ** Same role can be granted to multiple groups for the same namespace.
            
            ** Which namespace will appear in the matrix can be controlled by adding column to the grid, by clicking on the arrow in table header, then "Columns" and selecting desired columns.
            

            ===Role inheritance===
            
            By default, all roles granted to "*" group will be granted to "user" group, and all roles granted to "user" group will be granted to all of the groups that are a sub-group of the group "user".
            
            If a group inherits the role from upper-level group field in the role matrix will be shown in green, but the checkbox won't be checked.
            

            ==Technical==
            
            ===Logging===
            
            Every change to the roles is logged in the MediaWiki log book, found under <code>Special:Log</code> under <code> Permission Manager log</code> type.
            
            These logs are availble only to wiki administrators (users in groups that have "admin" role granted).
            
            === Backups ===
            
            All changes to role matrix is backed-up. By default, last 5 backups are being kept. This limit can be changed in [[Manual:Extension/BlueSpiceConfigManager|BlueSpiceConfigManager]], under configs for extension BlueSpicePermissionManager.
            

            ==See also==
            
            [[Reference:PermissionManager|Reference page]] for this extension.
            

            {{Translation}}
(9 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
__TOC__
 
__TOC__
  
==What is PermissionManager?==
+
==What is BlueSpicePermissionManager?==
  
'''PermissionManager''' allows an easy and convenient management of usergroup rights in a graphical interface.
+
'''BlueSpicePermissionManager''' offers easy and user-friendy way to manage user permissions on the wiki.
  
==Where to find the function PermissionManager?==
+
==Where to find BlueSpicePermissionManager==
 +
[[File:PermissionManager1a.png|thumb]]
  
Firstly, you will need admin rights in order to call up the permission manager. If you have the right permissions, you will find "Permission manager" in the left navigation bar under "Admin". Click on the link and you will be taken to the administration page.
+
BlueSpicePermissionManager is available from the left navigation, under "Global actions" tab, under the section "Management", or by navigating directly to <code>Special:PermissionManager</code>
 +
{{Clear}}
  
::: [[File:BlueSpice223-PermissionManager-Navigation-en.png|thumb|none|220px|Sceenshot: Open the permission manager in the admin area]]
+
==Using the BlueSpicePermissionManager==
 +
===The role system===
 +
Since BlueSpice version 3.0, roles, as a way to manage wiki rights, are introduced.
 +
The main intention of using roles is to simplify rights management and make it more straigh-forward.
 +
Roles represent a collection of individual permissions that are necessary to perform certain function on the wiki. For example, for a user who is supposed only to be able to read the wiki, many permissions in addition to the "read" permissions are needed, like ability to change own settings, be able to search the wiki, view page ratings...
 +
All those permissions that make a logical group, are encapsulated to a role, in this example to the role "reader".
 +
This way, if wiki admins want to grant ability to have read-only rights on the wiki to a user group, they only need to assign that group "reader" role, instead of assigning tens of different rights, which would such user group require.
  
==The functionality of PermissionManager==
+
Other functions on the wiki would also rights required for them encapsulated in a role.
  
Choose one of the three work modes in the drop-down menu:
+
By assigning role to a group, all users belonging to that group will receive rights contained in the role.
  
* '''Group:''' An array is displayed for a chosen user group showing the namespaces and the permissions attached.
+
BlueSpicePermissionManager, since version 3.0, allows managing role assignment, instead of permission assignment as was the case in previous versions.
* '''Namespace:''' An array is displayed for a chosen namespace showing the user groups and the permissions attached.
 
* '''Permission:''' An array is displayed for a chosen permission showing the user groups and the namespaces.
 
  
===PERMISSION MANAGER EXPLAINED===
+
====Default roles====
 +
By default BlueSpicePermissionManager offers a number of pre-defined roles that are created to serve most of the user needs on the wiki:
 +
* '''bot '''- role that should be typically assigned only to the "bot" group.
 +
* '''admin '''- role that contains all available rights, and should be assigned only to wiki-admin groups.
 +
* '''maintenanceadmin '''- very similar to "admin" role, used for user groups that are responsible for maintaining wiki integrity
 +
* '''author '''- this role contains all permissions necessary for creating content on the wiki.
 +
* '''editor '''- role meant for user groups that are able to not only create own content, but to edit, create reviews and delete all content of the wik
 +
* '''reviewer '''- role that allows users to perform all reviewing actions on the wiki
 +
* '''accountmanager '''- role means for users that will manage user accounts
 +
* '''structuremanager '''- this role allows users to manage the structure of the wiki - move (rename) pages, create and delete namespaces...
 +
* '''reader''' - role that allows basic read-only access to the wiki
 +
* '''accountselfcreate '''- this role must be assinged to the "*" groups, in order to allow users to create user accounts by themselves
 +
* '''commenter '''- role for users that cannot create and edit content, but can comment on the existing content
  
Permission manager is used to grant or revoke permissions.
+
===Layout of BlueSpicePermissionManager===
On the left side there is Groups menu that can be shown by clicking on the arrow at the top.
+
[[File:PermissionManager2a.png|thumb|Adding namespaces to the role matrix]]
It shows permission groups hierarchy. The asterisk (*) group includes all users that enter wiki, regardless of whether they are logged in or not. The "user" group applies to all logged in users. This groups holds different sub-groups,
+
BlueSpicePermissionManager consists of:
some of which are default to MediaWiki while others may be custom. Clicking on the group name shows (in the list to the right) all permissions granted to the group. You can add permissions by checking appropriate check box.
+
* the group tree on the left - showing all the groups available on the wiki in the hierarchy.  
 +
** Group "*" - all non-logged-in users (anonymous) users belong to this group
 +
** Group "user" - all logged-in users belong to this group. This is the default group for all users on the wiki, every user belongs to this group by default
 +
** Subgroups of group "user" - all groups that are defined on the wiki, eiter by default, by MediaWiki, or custom groups created by the wiki admins. System groups, created by MediaWiki, can be hidden by unchecking "Show system groups" checkbox above the tree.
 +
* Role matrix - table showing namespaces in columns and roles in rows
  
Assigning permissions
+
===Role matrix===
Permissions can be granted for entire wiki (by checking "Wiki" checkbox) or only for selected namespaces.
+
[[File:PermissionManager3a.png|thumb|Viewing permissions contained in a role]]
Assigning permissions follows an inheritance model. If you add permission to (*) group it will also be assigned to "user" and all sub-groups of "user". It will show like green unchecked field. When a permission is not explicitly
+
The columns in the role matrix are:
granted to a group but its inherited from a parent group, field will appear as green and not checked
+
* Role information column - represented by an info icon. Clicking on this icon opens a dialog listing all the permissions contained in a particular role. The list shows permission names and short description. This list is exportable.
 +
* Role name
 +
* "Wiki" column - this column represents assignment of a role to the entire wiki. By assigning the role in this column, user group will receive permissions in the role everywhere on the wiki (all namespaces).
 +
* Individual namespaces - Following columns represent every (applicable) namespace on the wiki.
 +
** Roles can be assigned to only certain namespace, eg. group "user" can be granted role "editor" only in namespace "Public", in order to be able to edit only pages in this namespaces. By granting a role to a particular group in a particular namespace, means that all other groups will lose permissions from this role, eg. granting role "reader" in namespace "Private" to group "sysop" means that all users in any other groups won't be able to read pages in "Private" namespace, even if they have "reader" role granted on the wiki level ("Wiki" column).
 +
** Same role can be granted to multiple groups for the same namespace.
 +
** Which namespace will appear in the matrix can be controlled by adding column to the grid, by clicking on the arrow in table header, then "Columns" and selecting desired columns.
  
When explicitly adding permission to one groups (for entire wiki or just for one namespace) all other groups in the same hierarchy level will lose this permission.
+
===Role inheritance===
 +
By default, all roles granted to "*" group will be granted to "user" group, and all roles granted to "user" group will be granted to all of the groups that are a sub-group of the group "user".
 +
If a group inherits the role from upper-level group field in the role matrix will be shown in green, but the checkbox won't be checked.
  
Templates
+
==Technical==
You can create templates for permissions. Templates represent collection of permissions to make permission management more straight-forward. Templates are added/edited in Template editor (click on "Edit templates" buttom at the bottom).
+
===Logging===
Enter name for template, description and select permissions that will be managed by this template.
+
Every change to the roles is logged in the MediaWiki log book, found under <code>Special:Log</code> under <code> Permission Manager log</code> type.
When template is added it will appear at the top of the permission lists and assigning it to a group will grant all permissions defined in the template, and at the same time revoke these permissions from other groups in the same hierarchy level.
+
These logs are availble only to wiki administrators (users in groups that have "admin" role granted).
 +
=== Backups ===
 +
All changes to role matrix is backed-up. By default, last 5 backups are being kept. This limit can be changed in [[Manual:Extension/BlueSpiceConfigManager|BlueSpiceConfigManager]], under configs for extension BlueSpicePermissionManager.
  
 
Assign the permissions as you want in the table. The permissions are colour coded. The explatation for the coding can be found in "Good to know". You can also work with permission-templates, also called '''roles'''. Such roles contain a collection of permissions.
 
[[File: BlueSpice223-PermissionManager-Dialog-en.png|thumb|none|700px|Screenshot: Settings in the PermissionManager]]
 
 
'''Good to know:'''
 
 
* Assigning permissions to groups and namespaces can be done either by choosing a permission-template (role) or by choosing individual permissions.
 
* Permission-templates are defined by using unique (descriptive) names.
 
* A permission-template is a freely definable collection of permissions.
 
* Management of permission-templates is a component of the PermissionManager (with its own dialogue).
 
 
* The first step to set permissions is to set them in the first folder - for the whole wiki (*).
 
* The permissions you set for a group, will be set automatically for the following folders, for the wiki and all namespaces (green coloured - not checked).
 
* If you want to give the groups more/different permissions - maybe in different namespaces - you can select them manually, but if you do that, the other groups, in the same hierarchy level, '''lose that permission''' for the namespace you choosen.
 
 
 
'''User permissions'''
 
 
User:
 
 
* Read: lets the user view pages.
 
 
* Edit: allows the user to edit unprotected pages.
 
 
* Create page: allows the user to create new pages (edit permission is needed here).
 
 
* Rollback: lets the user roll back the article with a click, restoring a previous version from another author. If this permission is activated, you can find the rollback button under History next to "undo" by the last change.
 
 
* Import: allows the user to import an article from another wiki in one go ('''Transwiki''').
 
 
Sysop:
 
 
* Createtalk: allows the user to create a new talk page (edit permission is needed here).
 
 
* Writeapi: controls access to the write API ($wgEnableWriteAPI must be set to true), this means commands can be given using this external interface.
 
 
* Upload: allows the creation of new pictures and files, i.e. pictures and files can be uploaded.
 
 
* Files: allows the user to view files which have been uploaded (needs secure:Image), e.g. unregistered users can not see word or PDF documents.
 
 
* Delete: allows the user to delete pages (can be found under ''more'').
 
 
* Move: allows the user to change the title of unprotected pages (edit permission is needed here) via ''move'' (can be found under ''more'').
 
 
* Move-subpages: this moves subpages along with the main page to which they are assigned (move permission is needed here). If the user has this permission, subpages are automatically moved with main pages.
 
 
* Protect: allows the user to lock a page preventing it from being edited or moved (''protect'' can be found under ''more''). Editing a protected page is possible for those with this permission.
 
 
* Block: allows the user to block IP addresses and registered users. There are various block options including stopping a user from editing and from registering new accounts and automatic blocking of other users with the same IP address. This takes place via the special page ''Block user''.
 
 
* Createaccount: allows the user to create new accounts (via WikiAdmin - User manager).
 
 
* Bigdelete: allows the user to delete pages which are larger than the limit $wgDeleteRevisionsLimit. The variable DeleteRevisionsLimit can be set up in advance.
 
 
* Undelete: allows the user to restore deleted pages.
 
 
* Editusercssjs: allows the user to create and edit their own Monobook style and scripts.
 
 
* Markbotedits: lets the user mark a rollback as a bot edit.
 
 
* Suppressredirect: allows moving a page without automatically setting up a redirect. A token can be placed when the page is moved.
 
 
* Apihighlimits: gives a user a higher limit for API queries; this ia a special permission to allow several actions to be carried out at once.
 
 
* Browsearchive: allows the user to search for prefixes of titles of deleted pages via Special:Undelete.
 
 
* Noratelimit: the user is not affected by rate limits.
 
 
 
See: [http://www.mediawiki.org/wiki/Manual:User_rights#List_of_Permissions User Rights]
 
 
===BlueSpice===
 
 
'''WikiAdmin'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
editadmin
 
 
| style="border: 1px solid #ebecec;"|
 
gives the user access to the module ''Search'' and, where appropriate ''PageTemplates'' in the WikiAdmin area
 
 
| style="border: 1px solid #ebecec;"|
 
sysop
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
useradmin
 
 
| style="border: 1px solid #ebecec;"|
 
gives the user access to the module ''User'' and if appropriate ''Groups'' in the WikiAdmin area
 
 
| style="border: 1px solid #ebecec;"|
 
sysop
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
wikiadmin
 
 
| style="border: 1px solid #ebecec;"|
 
grants the user full access to the WikiAdmin area
 
 
| style="border: 1px solid #ebecec;"|
 
sysop
 
 
|}
 
 
'''Responsible editor'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''User group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
responsibleeditors-changeresponsibility
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user change the responsible editors for a page.
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
sysop
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
responsibleeditors-viewspecialpage
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user see the overview of the responsible editors.
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
user
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
responsibleeditors-takeresponsibility
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user be assigned as a responsible editor for an article.
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
user
 
 
|}
 
 
'''SecureFileStore'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''User group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
viewfiles
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user download and/or view files which have been uploaded.
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|}
 
 
'''ExtendedSearch'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''User group'''
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
searchfiles
 
 
| style="border: 1px solid #ebecec;"|
 
allows the user to search for files. Lets the user tick the extended search option ''Search files''.
 
 
| style="border: 1px solid #ebecec;"|user
 
|}
 
 
'''Review'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="width: 20%; border: 1px solid #ebecec;"|
 
'''User permissions'''
 
 
! style="border-color: #ebecec; border-style: solid;"|
 
'''Definition'''
 
 
! style="border-color: #ebecec; border-style: solid;"|
 
'''User group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
workflowview
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user view work flows
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
workflowedit
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user create, edit, change and delete work flows
 
 
| style="border-color: #ebecec; border-style: solid;"|sysop
 
|}
 
 
'''SecureFileStore'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
viewfiles
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user download and/or view files which have been uploaded.
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|}
 
 
'''Shoutbox'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
readshoutbox
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user read commentaries made using the Shoutbox.
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
writeshoutbox
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
lets the user add comments to the Shoutbox
 
 
| style="border-color: #ebecec; border-style: solid;"|sysop
 
|}
 
 
'''Universal Export'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border: 1px solid #ebecec; width: 20%;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
universalexport-export
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
allows the user to create PDF files.
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|-
 
| style="border-color: #ebecec; border-style: solid;"|
 
universalexport-export-with-attachments
 
 
| style="border-color: #ebecec; border-style: solid;"|
 
allows the user to create PDF files with file attachments.
 
 
| style="border-color: #ebecec; border-style: solid;"|user
 
|}
 
 
===MediaWiki Extensions===
 
'''Flagged Revisions'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border-image: initial; width: 20%; border: 1px solid #ebecec;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
review
 
 
| style="border: 1px solid #ebecec;"|
 
lets the user review changes.
 
 
| style="border: 1px solid #ebecec;"|sysop
 
|-
 
| style="border: 1px solid #ebecec;"|
 
validate
 
 
| style="border: 1px solid #ebecec;"|
 
lets the user validate changes.
 
 
| style="border: 1px solid #ebecec;"|-
 
|-
 
| style="border: 1px solid #ebecec;"|
 
autoreview
 
 
| style="border: 1px solid #ebecec;"|
 
automatically marks those edits which a user has made themselves as reviewed
 
 
| style="border: 1px solid #ebecec;"|sysop
 
|-
 
| style="border: 1px solid #ebecec;"|
 
unreviewedpages
 
 
| style="border: 1px solid #ebecec;"|
 
lets the user see the page ''Special:Unreviewed pages''.
 
 
| style="border: 1px solid #ebecec;"|sysop
 
|}
 
 
'''Nuke'''
 
 
{| class="contenttable" style="width: 100%;" border="0"
 
|-
 
! style="border-image: initial; width: 20%; border: 1px solid #ebecec;"|
 
'''User permissions'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''Definition'''
 
 
! style="border: 1px solid #ebecec;"|
 
'''user group'''
 
 
|-
 
| style="border: 1px solid #ebecec;"|
 
nuke
 
 
| style="border: 1px solid #ebecec;"|
 
allows the user to delete articles on mass.
 
 
| style="border: 1px solid #ebecec;"|sysop
 
|}
 
 
<!--==Tips for working with PermissionManager==-->
 
 
==Permission-templates==
 
 
PermissonManager lets you make regularly recurring assignments easily by using permission templates, or roles. For example, when you need to supply a new namespace with the relevant group permissions.
 
 
===Create templates===
 
 
To create a new role, click on "Admin" in the left hand navigation bar. Then choose "Permission manager". And click on "Edit templates".
 
 
===Add template===
 
 
To add a new role, you can simply click the "New" button. Existing templates can be selected and then edited. The description is only for internal use for wiki admins. All permissions known to the wiki are listed here and can be selected and deselected.
 
 
[[File:BlueSpice223-PermissionManager-Template-en.png|thumb|none|700px|Screenshot: Template editor of the permission managers]]
 
 
===Assign group permissions===
 
 
After saving, the groups will be chosen which should be assigned the permissions of the role. A simple click on the desired namespace is enough to validate the role.
 
 
==Preferences==
 
 
Have a look at the [[Preferences|admin preferences]] to define the PermissionManager.
 
[[File:BlueSpice227-PermissionManager-AdminEinstellungen-en.png|thumb|none|400px|Screenshots: Admin preferences]]
 
 
{{Box_Links-en | Thema1 =[[UserManager|User Manager]] | Thema2 =[[GroupManager|Group Manager]] | Thema3 = | Thema4 = }}
 
  
 
==See also==
 
==See also==
 +
[[Reference:PermissionManager|Reference page]] for this extension.
  
Our [[PermissionManager|reference page.]]
+
{{Translation}}

Attachments

Discussions