Table of Contents

Access Control Lists (ACL)

Access Control Lists (ACL)s

DokuWiki — like most wikis — is very open by default. Everyone is allowed to create, edit and delete pages. However ​sometimes it makes sense to restrict access to certain or all pages. This is when the Access Control List (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured.

:!: WARNING: DokuWiki's ACL feature has been included for some time and should be pretty stable. However, if you are concerned about the risk of unauthorized users accessing information in your wiki, you should never put it on a computer accessible from the Internet.

Information should be categorized as public (world readable), private (world is blocked, signed in or group has access), or sensitive (not stored in the wiki at all; example passwords should be kept in a password manager.)

Access Restrictions

Access restrictions can be bound to pages and namespaces. There are seven permissions: none, read, edit, create, upload, delete and admin. Each higher permission contains the lower ones, with read being the lowest and delete the highest one. You should note that create, upload and delete permissions can only be assigned to namespaces.

Rules that were set to namespaces apply on media namespaces as well as for page namespaces.

When DokuWiki checks which rights it should give to a user, it uses all rules matching the user's name or the groups he or she is in. The rule that provides a user's permission is chosen according to the following process:

Users are in the groups they were assigned to in the user manager (or the auth backend). However there are two groups that are somewhat special:

Groups are represented internally and in the ACL manager by a prepended @ character to the group name.

Editing ACLs

Only Wiki Administrators can update ACLs.

Permissions

Name Permission
None No Permission - Locked Out
Read Read Only
Edit Read and Write Existing Pages
Create New Pages Can Be Created
Upload Media Files May Be Uploaded
Delete Media Files May Be Overwritten or Deleted

ACL Info Plugin

ACL Info Plugin

The following code may be included in the sidebar and displays the ACLs affecting the current page.

**Access Control List**
~~NOCACHE~~
~~ACLINFO~~

Private Pages and Namespaces

Anonymous users are denied access to pages or any page under a namespace with the name private.