There is some access control possibility, by giving certain namespaces or
articles specific group requirements to view. Only grant privileged users
those groups needed to read or edit the secure docs.
Alternatively, create two parallel wikis, one of which is open internal
access having the non-secure information, and then a secure wiki with the
passwords and so forth (only); interwiki links can be made fairly easily.
Only grant the users in the support teams who need access to customer
systems logins on the second wiki, track its access more closely, etc.
Or, alternately, don't try and do that last role in Mediawiki, but instead
set up an enterprise password management system, and have the Wiki link to
that for users who might need those. Rather than having "document
management" of those passwords, put them in the password manager, and have
it and its access controls handle all the access to them.
The latter - avoiding all 'plain document' storage of passwords - will meet
the more stringent enterprise security concerns. Linking to arbitrary URLs
for the password manager is fine, all the products I know of are web
interface (https) and can have an entry URL specific to the thing you were
looking to try and check out and use.
Depending on how sensitive the info is, I might do three tiers; Tier 1, a
standard MediaWiki with open access, generic non-secure documents. Tier 2,
a second MediaWiki installation, with secure individual tech-only logins
required, with "confidential configuration documents" and the like. Tier
3, an enterprise password manager for managing individual admins' checkouts
of passwords for use on customer systems on an as-needed basis with all
that logging and control.
On Fri, Aug 9, 2013 at 8:10 PM, Pierre Labrecque
<pierre.labrecque(a)live.ca>wrote;wrote:
Hello,
(sorry for my poor English.)
This is probably a recurring question.
I work for an IT company of around 80 000 employees and we would like to
build an enterprise wiki, where we will put all our technical documentation
(how to, troubleshooting, scripting, etc.).
80 000 employees, but this wiki will be for 1000 of them. It may generate a
minimum of 200 000/300 000 pages + images + etc.
You have to know that in some of our documentation, we have usernames and
passwords, or maybe firewall configuration, etc. for different customers.
Of course, I know that Mediawiki cannot provide a per page/category
security
(at a read level): my understanding is that Mediawiki is "Read all pages"
or
"Access denied to all pages". nothing in between. So we cannot restrict
view
of some documents to a specific group.
Fine.
So let's say that it's not a problem and that all our technicians will be
able to read all the technical documents, of all our customers.
Someone told me that we just don't have to put some confidential
informations in our wiki documents (no user/password/confidential
config/etc.).
Fine. But where ? If we don't put them in the wiki pages, it means that the
users will have to go in the wiki for the basic informations, then go on
another tool to have the confidential info.
Now, my question: how do you manage this ?
I really love Mediawiki and would like to implement it in our business, but
I haven't enough information on how this can be implemented in the reality
of a business.
And no: no budget to buy something like Confluence.
I have try Dokuwiki, XWiki, Tiki, MoinMoin, many others. I love Dokuwiki
too, but wasn't sure enough it was a strong tool to be able to manage that
amount of pages/images/. Anyway, I always come back to MediaWiki. I don't
know why.
Best regards,
Pierre
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
-george william herbert
george.herbert(a)gmail.com