tracpermissions

Differences

This shows you the differences between two versions of the page.

tracpermissions [2015/06/09 15:23] (current)
Line 1: Line 1:
 +====== Trac Permissions ======
 +[[:​[TracGuideToc]]]
 +
 +Trac uses a simple permission system to control what users can and can't access.
 +
 +Permission privileges are managed using the [[:​TracAdmin|trac-admin]] tool.
 +
 +Non-authenticated users accessing the system are assigned the name "​anonymous"​. Assign permissions to the "​anonymous"​ user to set privileges for anonymous/​guest users. The parts of Trac that a user does not have the privileges for will not be displayed in the navigation.
 +
 +In addition to these privileges, users can be granted additional individual rights in effect when authenticated and logged into the system. All logged in users belong to the virtual group "​authenticated",​ which inherits permissions from "​anonymous"​.
 +
 +===== Available Privileges =====
 +
 +To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will allow you perform any operation.
 +
 +Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac (note that the privilege names are case-sensitive):​
 +
 +==== Repository Browser ====
 +
 +| `BROWSER_VIEW` | View directory listings in the [[:​TracBrowser|repository browser]] |
 +| `LOG_VIEW` | View revision logs of files and directories in the [[:​TracBrowser|repository browser]] |
 +| `FILE_VIEW` | View files in the [[:​TracBrowser|repository browser]] |
 +| `CHANGESET_VIEW` | View [[:​TracChangeset|repository check-ins]] |
 +
 +==== Ticket System ====
 +
 +| `TICKET_VIEW` | View existing [[:​TracTickets|tickets]] and perform [[:​TracQuery|ticket queries]] |
 +| `TICKET_CREATE` | Create new [[:​TracTickets|tickets]] |
 +| `TICKET_APPEND` | Add comments or attachments to [[:​TracTickets|tickets]] |
 +| `TICKET_CHGPROP` | Modify [[:​TracTickets|ticket]] properties (priority, assignment, keywords, etc.) except description field |
 +| `TICKET_MODIFY` | Includes both `TICKET_APPEND` and `TICKET_CHGPROP`,​ and in addition allows resolving [[:​TracTickets|tickets]] |
 +| `TICKET_ADMIN` | All `TICKET_*` permissions,​ plus the deletion of ticket attachments and modification of the description field |
 +
 +==== Roadmap ====
 +
 +| `MILESTONE_VIEW` | View a milestone |
 +| `MILESTONE_CREATE` | Create a new milestone |
 +| `MILESTONE_MODIFY` | Modify existing milestones |
 +| `MILESTONE_DELETE` | Delete milestones |
 +| `MILESTONE_ADMIN` | All `MILESTONE_*` permissions |
 +| `ROADMAP_VIEW` | View the [[:​TracRoadmap|roadmap]] page |
 +
 +==== Reports ====
 +
 +| `REPORT_VIEW` | View [[:​TracReports|reports]] |
 +| `REPORT_SQL_VIEW` | View the underlying SQL query of a [[:​TracReports|report]] |
 +| `REPORT_CREATE` | Create new [[:​TracReports|reports]] |
 +| `REPORT_MODIFY` | Modify existing [[:​TracReports|reports]] |
 +| `REPORT_DELETE` | Delete [[:​TracReports|reports]] |
 +| `REPORT_ADMIN` | All `REPORT_*` permissions |
 +
 +==== Wiki System ====
 +
 +| `WIKI_VIEW` | View existing [[:​TracWiki|wiki]] pages |
 +| `WIKI_CREATE` | Create new [[:​TracWiki|wiki]] pages |
 +| `WIKI_MODIFY` | Change [[:​TracWiki|wiki]] pages |
 +| `WIKI_DELETE` | Delete [[:​TracWiki|wiki]] pages and attachments |
 +| `WIKI_ADMIN` | All `WIKI_*` permissions,​ plus the management of //​readonly//​ pages. |
 +
 +==== Others ====
 +
 +| `TIMELINE_VIEW` | View the [[:​TracTimeline|timeline]] page |
 +| `SEARCH_VIEW` | View and execute [[:​TracSearch|search]] queries |
 +| `CONFIG_VIEW` | Enables additional pages on //About Trac// that show the current configuration or the list of installed plugins |
 +
 +===== Granting Privileges =====
 +
 +You grant privileges to users using [[:​TracAdmin|trac-admin]]. The current set of privileges can be listed with the following command:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission list
 +</​code>​
 +
 +
 +This command will allow the user //bob// to delete reports:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission add bob REPORT_DELETE
 +</​code>​
 +
 +
 +The `permission add` command also accepts multiple privilege names:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission add bob REPORT_DELETE WIKI_CREATE
 +</​code>​
 +
 +
 +===== Permission Groups =====
 +
 +Permissions can be grouped together to form roles such as //​developer//,​ //admin//, etc.
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission add developer WIKI_ADMIN
 +  $ trac-admin /​path/​to/​projenv permission add developer REPORT_ADMIN
 +  $ trac-admin /​path/​to/​projenv permission add developer TICKET_MODIFY
 +  $ trac-admin /​path/​to/​projenv permission add bob developer
 +  $ trac-admin /​path/​to/​projenv permission add john developer
 +</​code>​
 +
 +
 +Group membership can be checked by doing a //​permission list// with no further arguments; the resulting output will include group memberships. Use lowercase for group names, as uppercase is reserved for permissions.
 +
 +===== Removing Permissions =====
 +
 +Permissions can be removed using the '​remove'​ command. For example:
 +
 +This command will prevent the user //bob// from deleting reports:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission remove bob REPORT_DELETE
 +</​code>​
 +
 +
 +Just like `permission add`, this command accepts multiple privilege names.
 +
 +You can also remove all privileges for a specific user:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission remove bob *
 +</​code>​
 +
 +
 +Or one privilege for all users:
 +<​code>​
 +  $ trac-admin /​path/​to/​projenv permission remove * REPORT_ADMIN
 +</​code>​
 +
 +
 +===== Default Permissions =====
 +
 +Granting privileges to the special user //​anonymous//​ can be used to control what an anonymous user can do before they have logged in.
 +
 +In the same way, privileges granted to the special user //​authenticated//​ will apply to any authenticated (logged in) user.
 +
 +----
 +See also: TracAdmin, TracGuide and [[http://​trac.edgewall.org/​wiki/​FineGrainedPermissions|FineGrainedPermissions]]
  
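Review bot: In "Removing Permissions", both wildcard examples pass `*` unquoted (`permission remove bob *` and `permission remove * REPORT_ADMIN`). Typed at the `$` prompt as shown, the shell expands `*` against the files in the current directory before trac-admin receives it, so the command does not do what the text says. Quote the wildcard in both commands, for example `permission remove bob '*'`. Two smaller points in the same change: the second added line, `[[:[TracGuideToc]]]`, has unbalanced brackets and looks like a macro call that was turned into a broken link, and "it will allow you perform any operation" under "Available Privileges" is missing "to".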
tracpermissions.txt · Last modified: 2015/06/09 15:23 (external edit)