Administrator Permissions for Knowledge Components

Creating Non-Overridable Permission Sets
July 2007
Steve Tindle

Introduction

When specifying permission sets for administrators, it is a good idea to make sure that administrators always have their rights, even if the page they are trying to edit specifically dines them. In Basics of Permissions, you learned about the overall structure of ACLs and how they are processed. In the SQI Knowledge Components, there is a special ACL declaration that does not get overridden by any other permission sets and is always processed before rules specified on the page.

The Administrator Permissions are generally only modified by SQI staff; however, we feel it is import to explain how these permissions effect your site.

ACL Rights, Before

The ACL declaration is defined in the site's configuration file with the key of acl_rights_before. On nearly all sites, this is defined as:

root:read,write,delete,revert,admin AdminGroup:read,write,delete,revert,admin

Here is an explanation of these permissions:

  • read - Administrators can read all pages

  • write - Administrators can write to all pages

  • delete - Administrators can delete and move all pages

  • revert - Administrators can revert any page to a previous revision

  • admin - Administrators can change the ACL permissions on any page

Since these ACL rules are always processed first, Administrators always have these permissions, even if overridden by a Page ACL Declaration. Since the SQI Root user is processed before the AdminGroup, SQI staff can recover the AdminGroup page if it is accidentally cleared or corrupted.

AdminGroup

From the ACL declaration above, you can see that the AdminGroup is given all the administrator privileges. All members of the AdminGroup can add and remove users from the AdminGroup. For more information on modifiying groups, please see Basics of Permissions for Knowledge Components.



CategoryToComplete

Univ/CIE/KA/AdminPermissions (last edited 2015-03-06 18:11:27 by localhost)