Hello XWiki-Community,
I am exploring the features of XWiki since a couple of weeks, but now I got stuck. I hope somebody of you can provide some help?
What I wanted to do:
- Configuring subwikis with access only for selected global users.
What did I do:
- Created a subwiki allowing only global users.
- Added global users to the subwiki, so they are added automatically to the subwiki’s Local:XWikiAllGroup.
- Now I would tried to disallow viewing pages of the subwiki for all users that are NOT part of the subwiki’s Local:XWikiAllGroup.
- My approach:
- Admin > User & Rights > Rights > Show Global & Locals Groups
- Explicitly Disallow Global:XWikiAllGroup to View
- Explicitly Allow Local:XWikiAllGroup to View
- Result:
- A global user that is part of the subwiki’s Local:XWikiAllGroup is not allowed to view the pages of the subwiki.
I have checked the page https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/Permission%20types/
but that one is more about page vs wiki permissions, so it doesn’t apply to my case.
Also I flushed the JMX and XWiki caches in order to avoid any caching issues, as the output of the “Check Security Cache”-Extension was too complex for the first sight.
My Questions:
- Is my understanding correct that the disallow permission on the Global:XWikiAllGroup is stronger than the allow permission on the subwiki’s Local:XWikiAllGroup or is the config wrong at all?
- Is there an alternative approach to achieve my goal beside granting the view right on the user level (that actually works)?
Thanks a lot
Thorsten