Overview of Access Control in the Penn State WikiSpaces environment
By default a WikiSpace is open to all faculty and staff via the LDAP group psu.facstaff, unless the administrator (the creator of the of the WikiSpace) chooses to modify this. This means that anyone can view and contribute to your WikiSpace unless you specify otherwise. Access to your WikiSpace can be easily modified by following the instructions below. Access can be restricted by individual Access Account userids, Friends of Penn State (FPS) userids, and/or User Managed Groups (UMGs). Restrictions may also be applied to pages within a WikiSpace, so although space-level permissions can be established, more granular permissions may be used to further control access within a WikiSpace.
Modifying the Permissions when Creating a New Space
On the Create Space screen, make sure to review the Who can use this space section. Note that the view and comment permissions are automatically set for Faculty and Staff, as noted above. If you prefer to restrict access to userids and/or a UMG, then click the Faculty and Staff checkboxes accordingly prior to clicking <OK> to complete the creation of your WikiSpace. Also note that if you use the default settings, you can always change them after you create your space.
Click the Anonymous option to allow viewing and commenting from users who are not logged in and/or from those who are. Note that anonymous users cannot read or write to a space unless the permissions for viewing are established. An anonymous user also cannot edit or possess administrative control of a space.
Modifying the Permissions after Creating a New Space
- Once your space is created, click Browse Space-->Space Admin. The Space Administration screen appears.
- Click Permissions in the Security section. The image below displays the default permission settings.
- Note that the group permissions, in the Groups section, are set for psu.facstaff. This means that Penn State faculty and staff can view, create, and export pages, create news, comments, and attachments, and export the space. Note that the green checkmark indicates what users can do, while the red checkmark indicates what users cannot do.
- The Individual Users section, by default, lists your userid and your permissions. As the creator of the space, you of course have full permissions.
- The Anonymous section, by default, lists the permissions for non-authenticated users. If you specified anonymous use when you created your space, the permissions will be indicated in this section.
- Click <Edit Permissions> from any of the aforementioned sections. The Edit Permissions screen appears.
- To modify the permissions for current Individual users or groups, simply click the checkboxes to select/deselect the permissions of your choice.
- To add a group/groups, enter the name of the User Managed Group and click <Add>. If you do not know the name of the group, click the search icon to bring up a searchable list of User Managed Groups at Penn State. Select the group(s) by clicking its checkbox and then click <Select Group(s)>. Then, click <Add>. The group will be added to the listing in the Groups section. After the group has been added, the permissions can be selected by clicking on the applicable checkboxes.
- To add a user, enter the eduPersonPrincipal name (usually the same as the user's email address) and click <Add>. If you do not know the user's userid, then click the search icon. Using the required criteria, search for the user. Select the user by clicking the user's checkbox then click <Select User(s)>. Then, click <Add>. The user will be added to the listing in the Individual Users section. After the group has been added, the permissions can be selected by clicking on the applicable checkboxes.
- Click <Save All> to confirm all changes. While you can do this at any given point, it might be helpful to first establish all permissions for individual and anonymous users and groups.
- To establish Anonymous Access, click the applicable checkboxes.
Pages within a WikiSpace can be restricted to individual users and/or groups, and may be independent of the WikiSpace permissions. For example, even if the WikiSpace's permissions are set for psu.facstaff, pages within the space may be restricted to a sub-set of individuals and/or groups, so that viewing and editing of those pages can be performed only by those users and/or groups. To restrict a page (while in edit mode), click the Edit link for Restrictions, located at the bottom of a page. The Restrictions panel appears.
Setting Page Restrictions
- Establish either viewing or editing restrictions by clicking Restrict viewing of this page or Restrict editing of this page. Note that you cannot establish both options at the same time, so if you plan to apply both types of restrictions, you'll need to do one type at a time. To restrict the viewing/editing to yourself, click Choose me.
- To restrict viewing to individual users, click Choose Users. The process for searching on a user is the same as it is for establishing user permissions to an entire WikiSpace. Once the user is selected from the search results, his/her userid appears in the listing(s) for viewing and editing restrictions.
- To restrict viewing to groups, click Choose Groups. The process for searching on groups is the same as it is for establishing group permissions to an entire WikiSpace. Once the group is selected from the search results, the group name appears in the listing(s) for viewing and editing restrictions.
- To remove restrictions, click Remove.