Global Permission Settings for Knowledge Components

Creating Followup Permission Sets
July 2007
Steve Tindle


There are cases where it is desirable to have a set of permission rules to be processed after the Administrative and Page permissions have been processed. These are called Global permissions and provide a way to follow up on previous ACL declarations to make sure nothing is forgotten, especially when page permissions can be easily modified.

These permissions should not be confused with non-overridable permissions as explained in Administrator Permissions for Knowledge Components. These permissions can always be overridden by Administrative and Page permissions.

The Global Permissions are generally only modified by SQI staff.

ACL Rights, After

The ACL declaration is defined in the site's configuration file with the key of acl_rights_after. By default, there are no rules in the Global Permissions set unless requested by the client.

In public sites, it might be a good idea to make sure that anybody can read any page unless that right was expressly taken away. Although this is generally never needed, if a page changes permissions and forgets to add the All:read declaritive, that page will not be viewable to anonymous users. If acl_rights_after is specified as All:read, that will make sure anonymous users are not forgotten.

For the case of expressly forbidding that anonymous users can access a page, the All: declarative should be added to the page permissions. See Page Permissions for Knowledge Components.


Univ/CIE/KA/GlobalPermissions (last edited 2015-03-06 18:11:26 by localhost)