Feature #2636

Feature Request: Wiki ACLs (Access control for individual pages)

Added by Jim Jones almost 11 years ago. Updated 22 days ago.

Status:NewStart date:2009-01-31
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Wiki
Target version:-
Resolution:

Description

It would be nice if redmine would support ACLs (access control) for individual wiki pages or groups of wiki pages.

Our use-case:
We'd like to give out wiki access to sub-contractors, but only to the parts of the wiki that are their business.
In our case that means a given sub-contractor should see:

  • The wiki pages relevant to his project
  • Parts of the global wiki documentation that we deem non-confidential

That sub-contractor should generally not be able to see anything else. In particular not pages that are meant for other sub-contractors and internal documents that we just don't want them to see.

To achieve this goal we have experimented with creating sub-projects for individual sub-contractors but this approach is very cumbersome and error-prone. For example we are forced to copy individual pages from our global documentation to the sub-project wikis to make them available to the contractor - that duplication doesn't scale and is unmaintainable.

To better handle such situations I propose the following implementation (or similar):

  • Provide a way to tag wiki-pages with ACL-Tokens. This could be achieved with inline code, e.g. a magic line like "#ACL read,write ContractorRole" somewhere in the page source would grant read/write access to that role. Or redmine could provide nice GUI elements to achieve the same task.
  • Provide a per-project toggle to set the wiki pages to "Allow-default" or "Deny-default".
  • Provide a per-project list of default access patterns. For example in a given project we may like to set all pages whose names start with "Internal" to be set to "Deny-Default" and "read/write for RoleDevTeam". Such a patterns list would make it easy and straightforward to divide a wiki into any number of access-zones.

Well, that would be my ideas, I'm sure they can be improved - please discuss.


Related issues

Related to Redmine - Feature #1086: Fine grained permissions New 2008-04-22
Duplicated by Redmine - Feature #8392: Grant access to particular Wiki page Closed 2011-05-18

History

#1 Updated by Juris P almost 11 years ago

+1

#2 Updated by Anonymous over 10 years ago

+1

An simple solution would fit our needs so just internal/public per page would be enough. Where all logged in users can see "internal" pages. Of course it would even be better to integrate it into the existing Rights system.

#3 Updated by Sven Schwyn over 10 years ago

+1

I second Bernhard: A checkbox to set the page "public" or "private" would be sufficient. However, "private" pages should only be visible if a user is both logged in and member of the project the wiki is hooked to. Furthermore, wiki links from public to private pages should display an access denied info.

#4 Updated by Lorenzo Pisani over 10 years ago

+1

#5 Updated by Michael Wünsch over 10 years ago

+1

#6 Updated by Felipe Reyes over 10 years ago

+1

I think that use case proposed by Jimi Jones is the really useful one, moinmoin wiki has that kind of ACL and is very powerful and flexible, probably to avoid the gui part (that could be complex and hard to build a simple and usable one) in a first stage use the magic first line #ACL.

Is this posible that could be implemented like a plugin?, My knowledge of ruby on rails is zero, but maybe somebody at my work aims to develop a plugin.

#7 Updated by Michael Aye about 10 years ago

+1
We have meeting minutes that we would like to keep confidential, but lots of other useful stuff on the Wiki, that is interesting for 'external' users. Please implement!

#9 Updated by James Downs over 9 years ago

How do we go about getting this feature started?

#10 Updated by Hans Schmidt about 9 years ago

+1

#11 Updated by goldleaf asd about 9 years ago

SPAM

#12 Updated by Yaroslav Matsera about 9 years ago

+1

#13 Updated by arthur me about 9 years ago

+1 This would be extremely helpful for having clients interacting with developers on projects while keeping some content separate from them.

#14 Updated by Rares Pop almost 9 years ago

+1.

#15 Updated by Lukas Jelonek almost 9 years ago

+1

#16 Updated by Raidel del Peso almost 9 years ago

+1

Also might be useful to extend this feature to a wiki format tag (like < pre>) that can be inserted anywhere where wiki format is accepted (issues description, etc) making parts of an issue description private is very useful

even tagging an issue notes as private or "hidden to not registered users"

#17 Updated by Adriano Carneiro over 8 years ago

+1
We only need two different Wiki areas: Public Wiki and Private Wiki. Permissions would be set like today, in the Role edit. Instead of only the Wiki box that we have there, we'd have Public Wiki and Private Wiki.

#18 Updated by Matthias Lohr over 8 years ago

+1

#19 Updated by Iwao AVE! over 8 years ago

+1

public/private setting is not good enough for our needs because our company uses Redmine to communicate with our clients and there's no public users (every user has to login).
Setting a minimum role for each wiki page would be sufficient, though.
The role of the client is 'Reporter' and some wiki pages should be visible/editable only to 'Developer' and 'Manager' (i.e. members of our comapny).

#20 Updated by Iwao AVE! over 8 years ago

Please ignore my last comment. I had just started using Redmine and expected there can be multiple wiki pages for a project...

#21 Updated by Igor Zubkov about 8 years ago

+1

#22 Updated by Naveen Prabhu almost 8 years ago

+1

#25 Updated by Oleg Kandaurov over 7 years ago

Please, take a look at my plugin http://www.redmine.org/plugins/private_wiki

#26 Updated by Anton Gillert over 7 years ago

+1
@Oleg Kandaurov, thanks i'll try your plugin

#27 Updated by Vasa Maximov about 7 years ago

+1
I want to be able to give read access for pages only to particular users or roles.

#28 Updated by Antuan Shakhin over 6 years ago

We(Catincan) are interested in financially contributing to this feature if one of the redmine developers is willing to implement it.

Why not crowdfund this feature on https://www.catincan.com ?

#29 Updated by Hans Ginzel about 5 years ago

+1
We (Generali CZ) are also interested.
Is a copy of #1086.

#30 Updated by Toshi MARUYAMA about 5 years ago

#31 Updated by [ Desperados ] about 4 years ago

+1

#32 Updated by Anh Le Giang almost 4 years ago

+ 1

#33 Updated by Toshi MARUYAMA over 3 years ago

  • Duplicated by Feature #8392: Grant access to particular Wiki page added

#34 Updated by Cristiano Cesario over 3 years ago

+1

#35 Updated by Michael Schaefer over 3 years ago

+1

#36 Updated by Phil Valentine almost 3 years ago

+1 Yes please, we have information applicable to fellow 'developers' that it is not desirable to have shared with other project members.
It would be great to be able to specify that the wiki page security is set to:
  • Public (anyone, signed in or not)
  • Private (logged in only)
  • Restricted (Black / White list based on existing 'groups')

#37 Updated by Salvo Rapisarda almost 3 years ago

+1

#40 Updated by cyril Thibout about 2 years ago

and only the first one is working with current versions of ruby/redmine :(

#41 Updated by Maksim Makhniuk almost 2 years ago

+1 long awaiting feature

#42 Updated by Kamil . about 1 year ago

+1

#43 Updated by Heiko Robert 22 days ago

+1
unfortunately the plugins mentioned in #2636#note-40 seem to be dead and don't support redmine 4

Also available in: Atom PDF