Confluence is highly configurable in the way different people can view and edit pages.
The FAI wiki is set up to work entirely on [group permissions|User groups] set on [spaces|Spaces]. Individual [permissions|Permissions] on spaces or pages within spaces should *not* be used.
The only exception is for [Personal spaces] which are controlled by the individual owner of the space.
h3. Permissions policy
|| Group \\ || All \\ spaces \\ || Own \\ SC or WG space \\ || Own \\
personal space \\ || || | *confluence-administrators* | Super administrator powers | | | There are very few users with this permission, membership authorized by the FAI webmaster. |
| *wiki-administrators* \\ | Admin, Read, Write, Comment \\ | | | Can administer all spacs in the wiki but are disallowed from operations that may compromise system security. Generally only one or a small group per FAI commission. For example CIMA wiki administration is performed by the [CIMA Internet Presence working group|CIMA Internet presence] whichgroup|cimaWiki:] which is composed of elected CIMA delegates. |
| *CIMA Bureau* \\ | Read, Write, Comment | | | The CIMA Bureau members have full access to the wiki contents, excepting the space administration rights. | | *Each SC or WG member* \\ | Read, Comment \\ | Read, Write, Comment | | Each sub-committee or working group member has full access to the content of the corresponding space. |
...
| *Each CIMA Delegate* \\ | Read, Comment \\ | | Read, Write, Comment | Each CIMA delegate can create and edit their own personal space, read and create comments in all spaces and can create and edit pages in some spaces. | | *Anonymous user* \\ | Read \\ | | | Non-logged in users can view all spaces but can't see or create comments. |
h3. Typical setup for a space.
This is the CIMA [Internet Presence Working Group|cimaWiki:] space.
!standard-permissions-setup.jpg|border=1!
h4. wiki-administrators
must ALWAYS be given full permission for all spaces. If they are not, then this will be altered by an administrator.
h4. cima-delegates
In this case it is a CIMA space, and the group *cima-delegates*, which contains all CIMA delegates who have permission to view and comment.
h4. cima-internet
Contains the members of the CIMA working group responsible for this space. (probably these are also all cima-delegates, but it could include other co-opted members.) They have permission to do almost anything in the space.
h4. Logged in people not CIMA delegates
if you wanted people outside of CIMA to be able to comment in this space then you could add the group *confluence-users* which contains everyone with a valid login to the wiki. They should have the same permissions as *cima-delegates* have here.
h4. Individual users
Note that no individual users have permissions for this space. This is a FAI protocol and makes overall administration easier. If an administrator finds any individual permissions anywhere in the wiki (apart from [Personal spaces]) then they will be removed.
h4. Anonymous
The group *anonymous* is anyone not logged in. CIMA has chosen the policy of using this wiki as a tool to show the World what it does, so generally anonymous access is set to *view* in all CIMA pages.
It is *strongly recommended* anonymous users are not given any further permissions as this could easily lead to abuse. Wiki administrators will generally disable any anonymous permissions they find beyond just view.
h3. Additional Groups
If you think you will require additional groups, please send a request to [mailto:wikiAdmin@fai.org]