9 Dec
2010
9 Dec
'10
2:28 a.m.
On 9 December 2010 09:21, Paul Harris <harris.pc(a)gmail.com> wrote:
Hi again,
I wanted to protect my "Website Admin" from any non-admins,
So I edited the Rights to that space, and clicked the 'View' button on
'XWikiAllGroup' until it was a red cross.
Then I checked in the other webbrowser (logged in as a regular user), and
sure enough, I couldn't view the page.
However, I then went to this address:
http://domain.com/xwiki/edit/Website+Admin/
and the regular user was able to edit the page! which also includes a
'Preview' button, which shows them a View!
not good.
After I removed ALL the rights to the AllUsers group, I noticed that
unregistered users are able to view the space.
What happens when I add more groups to the wiki, will those users be able to
view the space? Or will they be covered by AllUsers?
I don't find this intuitive... I haven't thought this through, but I
would've preferred to be able to switch OFF all rights, and then switch on
the rights to the users/groups I want to edit. At the moment there are a
few places where you could accidentally leave access open to spaces that
should not be open.
thanks
Paul