Changes between Initial Version and Version 1 of TracPermissions

Timestamp:

03/10/04 08:16:18 (21 years ago)

Author:

trac

Comment:

--

TracPermissions

@@ +1 @@
+== Trac Permissions ==
+
+Trac uses a flexible permission system to control what different users can do
+in the system.
+
+When a user first uses a system he/she will be able to do certain things. 
+Exactly what he/she can do depend on which privileges you have granted to
+the special user {{{anonymous}}}.
+In addition to these privileges different users can be granted additional 
+rights as soon as they login into the system.
+
+=== Available privileges ===
+
+ * {{{TRAC_ADMIN}}}
+ * {{{LOG_VIEW}}}
+ * {{{FILE_VIEW}}}
+ * {{{CHANGESET_VIEW}}}
+ * {{{BROWSER_VIEW}}}
+ * {{{TICKET_VIEW, TICKET_CREATE, TICKET_MODIFY, TICKET_ADMIN}}}
+ * {{{REPORT_VIEW, REPORT_CREATE, REPORT_MODIFY, REPORT_DELETE, REPORT_ADMIN}}}
+ * {{{WIKI_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_DELETE, WIKI_ADMIN}}}
+ * {{{TIMELINE_VIEW}}}
+ * {{{SEARCH_VIEW}}}
+ * {{{CONFIG_VIEW}}}
+
+The {{{something_ADMIN}}} privileges are just shortcuts that can be used to grant a user all the ''something'' privileges in one go. Having {{{TRAC_ADMIN}}}
+is like being {{{root}}} on a *NIX system, it will let you do anything you want.
+
+=== Granting privileges ===
+
+Currently the only way to grant privileges to users is by using the
+{{{trac-admin}}} script. The current set of privileges can be listed
+with the following command:
+
+{{{
+  $ trac-admin /path/to/my.db permission list
+}}}
+
+This command will let the user ''bob'' to delete reports:
+
+{{{
+  $ trac-admin /path/to/my.db permission add bob REPORT_DELETE
+}}}
+
+=== Default permissions ===
+
+Granting privileges to the special user ''anonymous'' can be used to control
+what an anonymous user can do before they have logged in.
+
+In the same way, privileges granted to the special user ''authenticated'' will apply to any authenticated (logged in) user.