Hi,
i have a strange effect at my wiki(s).
XWiki 11.10.10 with LDAP. Login works fine, with several subwikis.
Now i noticed that every user (all members of XWikiAllGroup) have admin rights! That is for sure not what i want. Even if i create a local user (only member of the all group, checked at the users profile) this user can admin the wiki. And: this local user can see and admin also all the sub wikis!
Even if i explicitely deny the view rights for a page and it’s children for the all group this has no effect, everything remains fully visible for all.
Any idea where a global setting can create this effect? Where can i check the individual settings for a user? Anything what i oversaw with inherit rights?
(I have only the XWikiAllGroup with no special group permissions set, and the XWikiAdminGroup with all green checkmarks).
This is very confusing and is a critical point for my management.
Any help is highly appreciated.
Norbert
I found an old discussion here Can't make rights work in XWiki 8.4.4 - #10 by douglasl and it turns out that the programming rights are the problem. These checkbox was activated for the XWikiAllGroup (but only this one!), causing all admin rights propagated to all sites and wikis. Once unchecked all went back to normal and expected behaviour.
This is somewhat confusing and my suggestion would be to insert an explicit warning, that giving just programming rights to the AllGroup results in global admin rights.
But anyway, this forum was again very helpful!
Norbert