  TIP Tip: TWiki:TWiki.TWikiAccessControlSupplement on TWiki.org has additional documentation on access control.

An Important Control Consideration

Open, freeform editing is the essence of WikiCulture - what makes TWiki different and often more effective than other collaboration tools. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less Wiki in the mix. Experience shows that unrestricted write access works very well because:

Line: 166 to 167
  This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.
ALERT! Note: Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.

Authenticate all Webs and Restrict Selected Webs

Line: 176 to 177
    • Set DENYWEBVIEW = < list of Users and Groups >
    • Set ALLOWWEBVIEW = < list of Users and Groups >
  1. Hide the web from an "all webs" search. Enable this restriction with the NOSEARCHALL variable in its WebPreferences topic:
    • Set NOSEARCHALL = on

Authenticate and Restrict Selected Webs Only

Line: 187 to 186
    • Set DENYWEBVIEW = < list of Users and Groups >
    • Set ALLOWWEBVIEW = < list of Users and Groups >
    • Note: DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted in case DENYWEBVIEW and ALLOWWEBVIEW is not defined.
  1. Hide the web from an "all webs" search. Enable this restriction with the NOSEARCHALL variable in its WebPreferences topic:
    • Set NOSEARCHALL = on

Hide Control Settings

