There is some access control possibility, by giving certain namespaces or articles specific group requirements to view. Only grant privileged users those groups needed to read or edit the secure docs.
Alternatively, create two parallel wikis, one of which is open internal access having the non-secure information, and then a secure wiki with the passwords and so forth (only); interwiki links can be made fairly easily. Only grant the users in the support teams who need access to customer systems logins on the second wiki, track its access more closely, etc.
Or, alternately, don't try and do that last role in Mediawiki, but instead set up an enterprise password management system, and have the Wiki link to that for users who might need those. Rather than having "document management" of those passwords, put them in the password manager, and have it and its access controls handle all the access to them.
The latter - avoiding all 'plain document' storage of passwords - will meet the more stringent enterprise security concerns. Linking to arbitrary URLs for the password manager is fine, all the products I know of are web interface (https) and can have an entry URL specific to the thing you were looking to try and check out and use.
Depending on how sensitive the info is, I might do three tiers; Tier 1, a standard MediaWiki with open access, generic non-secure documents. Tier 2, a second MediaWiki installation, with secure individual tech-only logins required, with "confidential configuration documents" and the like. Tier 3, an enterprise password manager for managing individual admins' checkouts of passwords for use on customer systems on an as-needed basis with all that logging and control.
On Fri, Aug 9, 2013 at 8:10 PM, Pierre Labrecque pierre.labrecque@live.cawrote:
Hello,
(sorry for my poor English.)
This is probably a recurring question.
I work for an IT company of around 80 000 employees and we would like to build an enterprise wiki, where we will put all our technical documentation (how to, troubleshooting, scripting, etc.).
80 000 employees, but this wiki will be for 1000 of them. It may generate a minimum of 200 000/300 000 pages + images + etc.
You have to know that in some of our documentation, we have usernames and passwords, or maybe firewall configuration, etc. for different customers.
Of course, I know that Mediawiki cannot provide a per page/category security (at a read level): my understanding is that Mediawiki is "Read all pages" or "Access denied to all pages". nothing in between. So we cannot restrict view of some documents to a specific group.
Fine.
So let's say that it's not a problem and that all our technicians will be able to read all the technical documents, of all our customers.
Someone told me that we just don't have to put some confidential informations in our wiki documents (no user/password/confidential config/etc.).
Fine. But where ? If we don't put them in the wiki pages, it means that the users will have to go in the wiki for the basic informations, then go on another tool to have the confidential info.
Now, my question: how do you manage this ?
I really love Mediawiki and would like to implement it in our business, but I haven't enough information on how this can be implemented in the reality of a business.
And no: no budget to buy something like Confluence.
I have try Dokuwiki, XWiki, Tiki, MoinMoin, many others. I love Dokuwiki too, but wasn't sure enough it was a strong tool to be able to manage that amount of pages/images/. Anyway, I always come back to MediaWiki. I don't know why.
Best regards,
Pierre
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l