No edit summary
No edit summary
Tag: 2017 source edit
 
(8 intermediate revisions by 2 users not shown)
Line 6: Line 6:
More than 100 rights are required to control user access to all wiki functions and extensions.
More than 100 rights are required to control user access to all wiki functions and extensions.


Depending on the actions that users are allowed to perform, many of these rights are related and must therefore be granted to a specific user type. For example, a user with read access should also be able to change the user profile and add pages to a watch list. For this reason, BlueSpice uses roles and groups to manage the authorisations of individual users.<bs:drawio filename="Rechtesystem" />
Depending on the actions that users are allowed to perform, many of these rights are related and must therefore be granted to a specific user type. For example, a user with read access should also be able to change the user profile and add pages to a watch list. For this reason, BlueSpice uses roles and groups to manage the authorisations of individual users.<bs:drawio filename="Rechtesystem" alt="Infographic showing relationships between permissions, users, groups and roles"/>


The following elements are part of the rights system:
The following elements are part of the rights system:


<section begin="training-slides" />
{| class="contenttable-blue" style="width:100%;"
{| class="contenttable-blue" style="width:100%;"
|+
|+
Line 30: Line 29:
| style="" |Namespace
| style="" |Namespace
| style="" |Authorisations can be defined at namespace level. But generally not per page.
| style="" |Authorisations can be defined at namespace level. But generally not per page.
|}</div>
|}


== Classic rights assignment procedure ==
== Classic rights assignment procedure ==
<bs:drawio filename="Verrechtung" />
<bs:drawio filename="Verrechtung" alt="Steps for assigning permissions: Create namespace, create groups for namespace, assign roles to groups, assign users to groups" />
{| class="contenttable-blue" style="width:100%;"
{| class="contenttable-blue" style="width:100%;"
|+
|+
Line 58: Line 57:
<section end="training-rechte-workflow" />
<section end="training-rechte-workflow" />


{{Box Links
{{Box Links-en
|Thema1=[[Handbuch:Erweiterung/BlueSpiceNamespaceManager| Namensraumverwaltung]]
|Topic1=[[Manual:Extension/BlueSpiceNamespaceManager| Namespace management]]
|Thema2=[[Handbuch:Erweiterung/BlueSpicePermissionManager|Rechteverwaltung]]
|Topic2=[[Manual:Extension/BlueSpicePermissionManager|Permission Management]]
|Thema3=[[Handbuch:Erweiterung/BlueSpiceGroupManager|Gruppenverwaltung]]
|Topic3=[[Manual:Extension/BlueSpiceGroupManager|Group management]]
|Thema4=[[Handbuch:Erweiterung/BlueSpiceUserManager|Benutzerverwaltung]]
|Topic4=[[Manual:Extension/BlueSpiceUserManager|User management]]
}}
}}




[[de:{{FULLPAGENAME}}]]
[[de:Handbuch:Konzept_Rechteverwaltung]]
[[En:Rights_concepts]]
[[en:{{FULLPAGENAME}}]]
[[Category:Berechtigungen]]
[[Category:Berechtigungen]]

Latest revision as of 10:51, 13 October 2025


Concept

More than 100 rights are required to control user access to all wiki functions and extensions.

Depending on the actions that users are allowed to perform, many of these rights are related and must therefore be granted to a specific user type. For example, a user with read access should also be able to change the user profile and add pages to a watch list. For this reason, BlueSpice uses roles and groups to manage the authorisations of individual users.
Infographic showing relationships between permissions, users, groups and roles

The following elements are part of the rights system:

Element Function
Right Enables a specific action
Role Combination of rights (rights can only be granted via roles)
User Entity in the wiki instance database. Has a unique user name and a unique user ID.
Group A collection of users. A user is assigned to one or more groups. There are system-internal groups (which cannot be removed or renamed) and custom groups. In the case of custom groups, the group name often consists of the role and a namespace name.
Namespace Authorisations can be defined at namespace level. But generally not per page.

Classic rights assignment procedure

Steps for assigning permissions: Create namespace, create groups for namespace, assign roles to groups, assign users to groups
Step Function Description
1 Namespace management Create a namespace via the Special:NamespaceManager page.
2 Group management Create a user group for each role that you want to manage in this namespace via the Special:PermissionManager page. The group name should follow a specific pattern, e.g. <namespace_name>_<role_name>.
3 Rights management Connect groups, roles and namespaces with Special:PermissionManager . Simply follow the name pattern of the group.
4 User management Assign users to the groups.

Related info



PDF exclude - start

To submit feedback about this documentation, visit our community forum.

PDF exclude - end