Administrator Permissions for Knowledge Components
Creating Non-Overridable Permission Sets
When specifying permission sets for administrators, it is a good idea to make sure that administrators always have their rights, even if the page they are trying to edit specifically dines them. In Basics of Permissions, you learned about the overall structure of ACLs and how they are processed. In the SQI Knowledge Components, there is a special ACL declaration that does not get overridden by any other permission sets and is always processed before rules specified on the page.
The Administrator Permissions are generally only modified by SQI staff; however, we feel it is import to explain how these permissions effect your site.
ACL Rights, Before
The ACL declaration is defined in the site's configuration file with the key of acl_rights_before. On nearly all sites, this is defined as:
Here is an explanation of these permissions:
Since these ACL rules are always processed first, Administrators always have these permissions, even if overridden by a Page ACL Declaration. Since the SQI Root user is processed before the AdminGroup, SQI staff can recover the AdminGroup page if it is accidentally cleared or corrupted.
From the ACL declaration above, you can see that the AdminGroup is given all the administrator privileges. All members of the AdminGroup can add and remove users from the AdminGroup. For more information on modifiying groups, please see Basics of Permissions for Knowledge Components.
Table of Contents