Security model help

I want to start off by saying I’m new to XWIKI but really like what I’ve seen so far. I’m implementing an xwiki with sub-wikis and I have some questions about the security model.

I’m not sure if sub-wikis are the best option, or if I should implement a single wiki with some security around nested pages. What I’m trying to achieve is:

  1. A main wiki for internal knowledge sharing (secure pages) AND public articles (unsecure pages)
    a. a sub-wiki for client A
    b. a sub-wiki for client B

The main wiki requires a login and doesn’t allow unregistered users.
Since that’s the case, all users created on the main wiki have access to the sub-wikis. Since the users could be a mix of internal users and public users, I don’t want them all to have access to the sub-wikis, which currently they do.

I’m looking for a way to model my security around this setup. I know that one option would be to create a 3rd sub-wiki for public articles, but I prefer to avoid this option if possible.

Looking forward to any advice I can get.

Thanks!

Bump!

I don’t really understand the problem.

Here an example of setup:

  • Main Wiki (’view’ and ‘edit’ rights for ‘XWikiAllGroup’, register forbidden)
    • Public space (’view’ right for guests)
  • Sub Wiki A (’view’ and ‘edit’ rights for ‘SubWikiA:XWiki.XWikiAllGroup’)
  • Sub Wiki B (’view’ and ‘edit’ rights for ‘SubWikiB:XWiki.XWikiAllGroup’)

Users can be either global or local, as soon as they are correctly members of either SubWikiA:XWiki.XWikiAllGroup or SubWikiB:XWiki.XWikiAllGroup.

Here mine then:
on our xwiki we use nested pages security features on a main xwiki.
We have internal ldap members: view/edit allowed and external members (xwiki local users in a group ‘external’).
This security rights will working well (I think):
On xwiki security: Allgroup: view/comment alowed - external group: deny: comment/modify
Your private parent page (and all new parent pages on root): parents and children pages: Allgroup: view/comment/edit alowed - external group: deny:view
Your public parent page: parents and children pages: Allgroup: view/comment/edit alowed - external group: view/comment/edit alowed
On our xwiki users I forbidden parent pages creation on root (only admin users can do it)

You can read: http://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Access%20Rights/ and especially this sentence:) “Permissions set at a wiki wide level will be overridden by permissions set at a page level, which have priority.”

To check permissions, test with user account of course and:

Pascal B