Concept
More than 100 rights are required to control user access to all wiki functions and extensions.
Depending on the actions that users are allowed to perform, many of these rights are related and must therefore be granted to a specific user type. For example, a user with read access should also be able to change the user profile and add pages to a watch list. For this reason, BlueSpice uses roles and groups to manage the authorisations of individual users.
The following elements are part of the rights system:
| Element | Function |
|---|---|
| Right | Enables a specific action |
| Role | Combination of rights (rights can only be granted via roles) |
| User | Entity in the wiki instance database. Has a unique user name and a unique user ID. |
| Group | A collection of users. A user is assigned to one or more groups. There are system-internal groups (which cannot be removed or renamed) and custom groups. In the case of custom groups, the group name often consists of the role and a namespace name. |
| Namespace | Authorisations can be defined at namespace level. But generally not per page. |
Classic rights assignment procedure
| Step | Function | Description |
|---|---|---|
| 1 | Namespace management | Create a namespace via the Special:NamespaceManager page.
|
| 2 | Group management | Create a user group for each role that you want to manage in this namespace via the Special:PermissionManager page. The group name should follow a specific pattern, e.g. <namespace_name>_<role_name>.
|
| 3 | Rights management | Connect groups, roles and namespaces with Special:PermissionManager . Simply follow the name pattern of the group.
|
| 4 | User management | Assign users to the groups. |
