Hello,
I have been requested to grant a specific group of users, access to one Namespace on an existing wiki (not currently using Namespace).
The complete request is:
- setup a group of user so that they can only access one Namespace/Group on wiki - Add other Namespaces and assign the existing users accordingly
I am aware that all users can view the main Namespace; is there a way to prevent the group setup to view only one Namespace, from accessing the main Namespace? Is there a method of preventing user from even seeing menu selections?
Is it a big chore, or even advisable to move main pages to different Namespaces?
I have Namespaces & Group permissions setup on my test wiki, and it works fine.
One last question: Is there a way of moving multiple pages to a Namespace?
Thanks.
Hello,
I neglected to mention that I wouldn't be adding the the additional Namespaces until a couple of months. Therefore, there would only be one Namespace in use, and the remainder of users should function as usual.
Thanks, Graham --------------- Graham wrote:
Hello,
I have been requested to grant a specific group of users, access to one Namespace on an existing wiki (not currently using Namespace).
The complete request is:
- setup a group of user so that they can only access one
Namespace/Group on wiki
- Add other Namespaces and assign the existing users accordingly
I am aware that all users can view the main Namespace; is there a way to prevent the group setup to view only one Namespace, from accessing the main Namespace? Is there a method of preventing user from even seeing menu selections?
Is it a big chore, or even advisable to move main pages to different Namespaces?
I have Namespaces & Group permissions setup on my test wiki, and it works fine.
One last question: Is there a way of moving multiple pages to a Namespace?
Thanks.
On 16 August 2010 17:31, Graham tolliver@dal.ca wrote:
I am aware that all users can view the main Namespace; is there a way to prevent the group setup to view only one Namespace, from accessing the main Namespace? Is there a method of preventing user from even seeing menu selections?
Not with any security at all. The smallest unit of complete isolation is the individual wiki.
Export the relevant articles and import to a fresh wiki. Let your restricted users loose there.
- d.
Hello David,
Thanks for your assistance.
Verification: So I guess there isn't any possibility to have a group of users assigned to a Namespace, and the other users status quo.
The owner of the wiki doesn't want another one to administer, so that's why I am trying to be one hundred percent clear. The owner indicated that the main Namespace being open isn't an issue. However, being able to assign a few users to one Namespace, and having the remainder of users functioning as usual is required.
Just want to be clear.
-Graham- --------------------- David Gerard wrote:
On 16 August 2010 17:31, Graham tolliver@dal.ca wrote:
I am aware that all users can view the main Namespace; is there a way to prevent the group setup to view only one Namespace, from accessing the main Namespace? Is there a method of preventing user from even seeing menu selections?
Not with any security at all. The smallest unit of complete isolation is the individual wiki.
Export the relevant articles and import to a fresh wiki. Let your restricted users loose there.
- d.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On 17 August 2010 17:54, Graham tolliver@dal.ca wrote:
So I guess there isn't any possibility to have a group of users assigned to a Namespace, and the other users status quo. The owner of the wiki doesn't want another one to administer, so that's why I am trying to be one hundred percent clear. The owner indicated that the main Namespace being open isn't an issue. However, being able to assign a few users to one Namespace, and having the remainder of users functioning as usual is required. Just want to be clear.
There are extensions that let you do this sort of thing to some degree, but they're not part of the main MediaWiki code and are not likely to be.
The trouble is that even if you restrict users to a namespace or from a namespace, evidence of the namespace will leak to public visibility - content, special pages, etc.
The only way to properly secure MediaWiki on this level would be to put restricting code into every function of this rather large and complicated piece of software ...
Here's a category of such extensions. I've never used any myself, but the devs have detailed the problems with such extensions:
http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions
Speaking as an intranet system administrator, I'd never try to do this - if someone wants a secure wiki they get a separaste instance, if they want page-level security inside a single wiki then MediaWiki is likely not the right tool.
- d.
On Tue, Aug 17, 2010 at 11:47 AM, David Gerard dgerard@gmail.com wrote:
On 17 August 2010 17:54, Graham tolliver@dal.ca wrote:
So I guess there isn't any possibility to have a group of users assigned to a Namespace, and the other users status quo. The owner of the wiki doesn't want another one to administer, so that's why I am trying to be one hundred percent clear. The owner indicated that the main Namespace being open isn't an issue. However, being able to assign a few users to one Namespace, and having the remainder of users functioning as usual is required. Just want to be clear.
There are extensions that let you do this sort of thing to some degree, but they're not part of the main MediaWiki code and are not likely to be.
The trouble is that even if you restrict users to a namespace or from a namespace, evidence of the namespace will leak to public visibility
- content, special pages, etc.
The only way to properly secure MediaWiki on this level would be to put restricting code into every function of this rather large and complicated piece of software ...
Here's a category of such extensions. I've never used any myself, but the devs have detailed the problems with such extensions:
http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions
Speaking as an intranet system administrator, I'd never try to do this
- if someone wants a secure wiki they get a separaste instance, if
they want page-level security inside a single wiki then MediaWiki is likely not the right tool.
- d.
The CIA generated code to add rigorous security classification levels to MediaWiki would be useful to see; I tend to agree with David that MediaWiki (even with available extensions) isn't a good tool for this job.
I think that the code was kept private, though.
The problem with other Wiki software that's better at security is that it's as a rule much more lousy Wiki software.
The Wikimedia Foundation per se doesn't have incentive or a goal to rebuild MediaWiki as something in which real security is a design goal right now. Which is somewhat unfortunate, as some commercial and organizational users could use that. The CIA did, but we didn't get the code.
I think that the world and industry as a whole are somewhat harmed by the situation; adoption rate of intranet Wikis is somewhat slow in many environments, because they're using more lousy Wiki platforms.
On 17 August 2010 21:40, George Herbert george.herbert@gmail.com wrote:
I think that the world and industry as a whole are somewhat harmed by the situation; adoption rate of intranet Wikis is somewhat slow in many environments, because they're using more lousy Wiki platforms.
Personally I'd put that down to the lack of good WYSIWYG. But we had that thread already ...
- d.
The Wikimedia Foundation per se doesn't have incentive or a goal to rebuild MediaWiki as something in which real security is a design goal right now. Which is somewhat unfortunate, as some commercial and organizational users could use that. The CIA did, but we didn't get the code.
I think you are confused on what Intellipedia's classification system does. Though the classification system they have is nice, it would be really easy to replicate (and probably in a slightly better way). It isn't page level ACLs, or anything like that.
Respectfully,
Ryan Lane
mediawiki-l@lists.wikimedia.org