Created by: gwideman, Sep 27, 2010 10:00 pm
Revised by: gwideman, Nov 9, 2011 4:02 am (13 revisions)

More thoughts on roles and permissions.

Elaboration of Roles and Permissions involves expanding the following:
Item
Variants
Data
Page, Discussion
Operation
Create, View, Edit, Delete
Scope
Site default, Single page
User attempting operation
Recognized by WS: Wiki creator, organizer, wiki member, wikispaces user, public guest.
Also of interest, but not explicitly impemented by WS: Members of a group defined by us; "Owner" of a page.
Wiki account plan
Basic, Plus, Super, Private Label
Further, we can elaborate what combinations of the above appear as predefined combinations of permissions:

Setting permissions

Permissions, including those for pages, and including Locking, Hidden and Custom, can only be set by Organizer, not by Member, even if member has edit permission.
Scope
Permission combos

All plans
Plus
Super
Wiki-level
Public, Protected, ,
Private
Custom
Page-level
Default, Locked,

Hidden, Custom

Basic grid of permissions

Scope
Data
Operation
Wiki
organizer
Wiki
member
WS
User
Public
anon









Site default
Page
Create page







View







Edit, Delete














Discussion
View







Start Topic, Reply













Single page
Page
View







Edit, Delete














Discussion
(no page-level control)














Plus-level Private site

These are fixed settings for the Private setting of the Plus subscription.
For Super subscription these are the default settings for Private, but can be customized site-wide.

Scope
Data
Operation
Wiki
organizer
Wiki
member





Site-wide
Page
View page
Y
Y (no Hide for Plus)


Create page
Y
Y


Edit
Y
Y (unless page Lock)


Delete
Y
N


Rename
Y
N






Discussion
View
Y
Y


Start Topic, Reply
Y
Y





Management





Nav area
Edit nav
Y
Y [Note 4]





Page level: H: Hide, L: Lock

Notes:
1. Private site cannot be viewed (nor any other activity) by any non-member of the wiki, including:
  • logged in Wikispaces user (who is not a member of the wiki)
  • general public.

2. How to show some site-specific info on the home page for visitors who are not logged in?
  • We might use the "permission denied" page content
    • Though that also appears in other permission-denied scenarios -- gaaa!
      • But can include Javascript, so possibly could be made useful.
  • We can use use theme: <WikiIsNotSpaceMember>

3. Key sore point is no way to arrange a site-wide permission level for viewing without editing
  • Equivalent to Locking all pages for simple Members.
  • Could make Edit button (and other opportunities?) available only to organizers?
    • Use theme <WikiIsSpaceOrganizer> or <WikiIsAdministrator>?
    • Though this doesn't prevent user from figuring out and using the edit URL.
      • Can edit capability be blocked using <WikiIsNotSpaceOrganizer>?

4. Members can edit the space.menu page.
  • This is enabled in conditionals in the theme. Can be set to stricter, eg: <WikiIsSpaceOrganizer>

Basic and Plus level Protected site

These are fixed settings for the Protected setting of the Basic or Plus subscription.
For Super subscription these are the default settings for Protected, but can be customized site-wide.
Page level: H: Hide, L: Lock
Scope
Data
Operation
Wiki
organizer
Wiki
member
WS
user
Random
public







Site-wide
Page
View page
Y
Y (no Hide for Basic/Plus)
Y
Y


Create page
Y
Y
N
N


Edit
Y
Y (unless page Lock)
N
N


Delete
Y
N
N
N


Rename
Y
N
N
N








Discussion
View
Y
Y
Y
Y


Start Topic, Reply
Y
Y
[Note 1]
N







Management







Nav area
Edit nav
Y
Y [Note 2]
N
N







Single page
Page
Prevent View

H
H
H


Prevent Edit, Delete

H or L
na
na







Notes:
1. For Protected sites, there's an option to Allow or Prohibit discussion message posts from non-members. Setting to Allow permits non-member WS users to post, but not general public (I believe).

2. See similar note for Private site.

Issue: Protected sites allow differentiation of reader from message poster, but Private sites do not, at least not as part of the permissions system.

Super-level Custom permissions

4 = Organizer, 3 = Wiki member, 2 = WS User, 1 = Public anon
Scope
Data
Operation
Permitted user level
can be set to:
Hide/
Lock





Site-wide
Page
View
Any
Hide for < Organizer


Edit, Delete
>=View level
Prohibit for < Organizer


Create page
>= Edit level







Discussion
View
= View level



Start Topic, Reply
>= View level






Single page
Page
View
Any (more or less than site-wide!)



Edit, Delete
<= Page-view level



(Also Hide and Lock)



Discussion
(no page-level control)







Note: Single-page permissions can be set more liberal than Site default permissions!
  • Could be a hazard: Person editing page could accidentally set page to be publicly viewable or editable when overall site policy should prohibit that.
  • Could be a benefit: Default to keeping pages private until ready to make specific pages public and possibly editable.
  • But note that "private" means accessible to all Organizers. There is no "private to author" setting.


Issues

1. Insufficient permission levels.
There is really no way to map Organizer/Member/WS-User to the following permission levels:
    • No access
    • Reader of pages and comments
    • Reader plus commenter
    • Reader, editor/creator, commenter.
    • Site-level admin

In short, if an editing permission is mapped to Member, then read-only would be accorded to general public, so the site can't be private. If instead editing permission is mapped to Organizer, then anyone who can edit can also monkey with all admin settings.

2. No way to conceal pages being worked on until author is ready to publish:
  • WS does not recognize the creator of a page as special, hence has no special permissions for the creator.
  • The Hide setting, not even available until the Super level, is available only to Organizers, not Members. Consequently, if Member is the level of page editors, they can't even hide their pages.
    • But if the Hide feature obliges giving editors Organizer perms, then all editors are then able to monkey with admin settings. So basically Hide is useless, except for real Organizers.
    • Similar problem with Lock