tracpermissions
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | tracpermissions [2015/06/09 15:23] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Trac Permissions ====== | ||
+ | [[: | ||
+ | |||
+ | Trac uses a simple permission system to control what users can and can't access. | ||
+ | |||
+ | Permission privileges are managed using the [[: | ||
+ | |||
+ | Non-authenticated users accessing the system are assigned the name " | ||
+ | |||
+ | In addition to these privileges, users can be granted additional individual rights in effect when authenticated and logged into the system. All logged in users belong to the virtual group " | ||
+ | |||
+ | ===== Available Privileges ===== | ||
+ | |||
+ | To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will allow you perform any operation. | ||
+ | |||
+ | Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac (note that the privilege names are case-sensitive): | ||
+ | |||
+ | ==== Repository Browser ==== | ||
+ | |||
+ | | `BROWSER_VIEW` | View directory listings in the [[: | ||
+ | | `LOG_VIEW` | View revision logs of files and directories in the [[: | ||
+ | | `FILE_VIEW` | View files in the [[: | ||
+ | | `CHANGESET_VIEW` | View [[: | ||
+ | |||
+ | ==== Ticket System ==== | ||
+ | |||
+ | | `TICKET_VIEW` | View existing [[: | ||
+ | | `TICKET_CREATE` | Create new [[: | ||
+ | | `TICKET_APPEND` | Add comments or attachments to [[: | ||
+ | | `TICKET_CHGPROP` | Modify [[: | ||
+ | | `TICKET_MODIFY` | Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, | ||
+ | | `TICKET_ADMIN` | All `TICKET_*` permissions, | ||
+ | |||
+ | ==== Roadmap ==== | ||
+ | |||
+ | | `MILESTONE_VIEW` | View a milestone | | ||
+ | | `MILESTONE_CREATE` | Create a new milestone | | ||
+ | | `MILESTONE_MODIFY` | Modify existing milestones | | ||
+ | | `MILESTONE_DELETE` | Delete milestones | | ||
+ | | `MILESTONE_ADMIN` | All `MILESTONE_*` permissions | | ||
+ | | `ROADMAP_VIEW` | View the [[: | ||
+ | |||
+ | ==== Reports ==== | ||
+ | |||
+ | | `REPORT_VIEW` | View [[: | ||
+ | | `REPORT_SQL_VIEW` | View the underlying SQL query of a [[: | ||
+ | | `REPORT_CREATE` | Create new [[: | ||
+ | | `REPORT_MODIFY` | Modify existing [[: | ||
+ | | `REPORT_DELETE` | Delete [[: | ||
+ | | `REPORT_ADMIN` | All `REPORT_*` permissions | | ||
+ | |||
+ | ==== Wiki System ==== | ||
+ | |||
+ | | `WIKI_VIEW` | View existing [[: | ||
+ | | `WIKI_CREATE` | Create new [[: | ||
+ | | `WIKI_MODIFY` | Change [[: | ||
+ | | `WIKI_DELETE` | Delete [[: | ||
+ | | `WIKI_ADMIN` | All `WIKI_*` permissions, | ||
+ | |||
+ | ==== Others ==== | ||
+ | |||
+ | | `TIMELINE_VIEW` | View the [[: | ||
+ | | `SEARCH_VIEW` | View and execute [[: | ||
+ | | `CONFIG_VIEW` | Enables additional pages on //About Trac// that show the current configuration or the list of installed plugins | | ||
+ | |||
+ | ===== Granting Privileges ===== | ||
+ | |||
+ | You grant privileges to users using [[: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | This command will allow the user //bob// to delete reports: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | The `permission add` command also accepts multiple privilege names: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Permission Groups ===== | ||
+ | |||
+ | Permissions can be grouped together to form roles such as // | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | $ trac-admin / | ||
+ | $ trac-admin / | ||
+ | $ trac-admin / | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | Group membership can be checked by doing a // | ||
+ | |||
+ | ===== Removing Permissions ===== | ||
+ | |||
+ | Permissions can be removed using the ' | ||
+ | |||
+ | This command will prevent the user //bob// from deleting reports: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | Just like `permission add`, this command accepts multiple privilege names. | ||
+ | |||
+ | You can also remove all privileges for a specific user: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | Or one privilege for all users: | ||
+ | < | ||
+ | $ trac-admin / | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Default Permissions ===== | ||
+ | |||
+ | Granting privileges to the special user // | ||
+ | |||
+ | In the same way, privileges granted to the special user // | ||
+ | |||
+ | ---- | ||
+ | See also: TracAdmin, TracGuide and [[http:// | ||
tracpermissions.txt · Last modified: 2015/06/09 15:23 by 127.0.0.1