Hi everyone,
i’m kinda new to xwiki and struggeling with rights/permissions. After updatinmg vrom xwiki 17 to 18, all users have admin rights. This is disabled on all groups (but wiki admin).
All users including myself are in the last listed group only. To take admin rights away, i have to fix this for each new user which is annoying and risky, because i cannot say, when a new user (login right is given through ldap) will log in for the first time.
Is there a way to fix this?
Hello,
Please check https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/#HBasicrules and especially this line:
- When a right has been allowed at a given level, it gets implicitly denied to anyone else at the same level. This only applies to the right allowed. If only “View” is set to a user/group at this level, all other rights like “Edit” are still inherited. Using this implicit deny behavior is recommended over applying explicit denial.
Thus you shouldn’t deny the admin rigths to all users and groups, you just need to give it to the users and groups that require it.
Hope it helps
Hi,
thanks for your reply. I think i found the problem. It’s the programming right that added admin permissions. If i untick that, i stumbled upon the next problem that a regular user did not see the startpage anymore and the skin was not loaded. Next step was to allow the startpage to be seen by everybody (all groups) and do the same to the skins page. For the moment it seems to be working.
