Permission Types

View Right

The view right gives the user the ability to view a document or load it using the API.

  • Availability: Page, Space and Wiki level.
  • Default status: ALLOWED
  • Priority order: deny > allow > no setting
  • Checking order: terminal page > parent nested page > wiki

Comment Right

The comment gives the user the ability to add a comment, but not to edit or delete it.

  • Availability: Page, Space and Wiki level.
  • Default status: ALLOWED
  • Priority order: deny > allow > no setting
  • Checking order: terminal page > parent nested page > wiki
In order to be able to edit or delete your own comments, you need to have edit rights on the space or page. Also, you won't be able to edit or delete the comments of other users, unless you have administration rights.

Edit Right

The edit allows you to edit the page and all of its objects.

  • Availability: Page, Space and Wiki level.
  • Default status: ALLOWED
  • Priority order: deny > allow > no setting
  • Checking order: terminal page > parent nested page > wiki

Delete Right

The delete right allows you to move a page to the recycle bin.

  • Availability: Page, Space and Wiki level.
  • Default status: DENIED (unless you're the document creator)
  • Priority order: deny > allow > no setting
  • Checking order: terminal page > parent nested page > wiki

Special Permissions

Administration Right

The administration right can only be granted at space or wiki level. A very important detail is that the wiki administrator cannot have his/her administration rights denied for a space. Also, having administration rights imply the view, comment, edit and delete permissions with the added ability to permanently delete a page from the recycle bin.

  • Availability:
    • Space (Automatically includes the view, comment, edit, delete rights)
    • Wiki (Automatically includes the view, comment, edit, delete, register)
  • Default status: DENIED
  • Priority order: allow > deny > no setting
  • Checking order: wiki > page

Programming Right

A programmer is allowed to execute arbitrary Java code in the wiki, so any page which was last saved by an user with programmer rights can run dangerous scripts. Because it affects the entire wiki (or wiki farm), programming rights can only be granted from the wiki preferences page in a single wiki environment or from the main wiki in a multi-wiki environment.

  • Availability: Main wiki level
  • Default status: DENIED
  • Priority order: allow > deny > no setting
  • Checking order: wiki

Register Right

The register right is usually granted or revoked for the non-registered pseudo-user "XWiki.XWikiGuest". This permission can only be set from the wiki preferences page.

  • Availability: Wiki level
  • Default status: ALLOWED
  • Priority order: allow > deny > no setting
  • Checking order: wiki

Create Wikis Right

The "createwiki" right can only be granted via the main wiki, just like programming rights. For detailed information, check this documentation page.

  • Availability: Main wiki level
  • Default status: DENIED
  • Priority order: allow > deny > no setting
  • Checking order: wiki

Script Right

The "Script" right was introduced in version 7.2 in order to control who has the right to write scripts. Anyone with edit rights can write a script in a wiki page. However, when the page is rendered, the script will only execute if the last author of the page has the "Script" right.

For backward-compatibility reasons, the standard XWiki Enterprise distribution comes with the "Script" right being allowed for all users at the main wiki level. So, unless an administrator explicitly revokes the right for some users or groups, they will be able to execute the scripts they wrote.

  • Availability: Wiki level
  • Default status:
    • ALLOWED on the main wiki
    • DENIED on sub-wikis
  • Priority order: allow > deny > no setting
  • Checking order: wiki

Related Pages

Search this space

 

Most popular tags

Failed to execute the [groovy] macro
  1. access rights
  2. activity stream
  3. annotation
  4. attachment
  5. comment
  6. Document Tree Macro
  7. export
  8. Extension Manager
  9. Flamingo skin
  10. global user
  11. Groovy event listener
  12. group
  13. nested page
  14. search
  15. skin
  16. syntax
  17. user
  18. user profile
  19. velocity macros
  20. wiki
  21. wysiwyg
  22. XWiki Applications
  23. xwikiattachment_archive table
  24. xwikiattachment table
  25. xwikiattrecyclebin table
  26. xwikiproperties table

[Display all tags from this space]