"Fossies" - the Fresh Open Source Software archive

Member "twig-2.8.3/docs/AdminManual/isecurity.htm" of archive twig-2.8.3.tar.gz:


Caution: In this restricted "Fossies" environment the current HTML page may not be correctly presentated and may have some non-functional links. Alternatively you can here view or download the uninterpreted source code. That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.

TWIG Administrators Manual

Return to Table of Contents

7. TWIG's Internal Security Providers

TWIG allows for restricting access certain features through two separate systems, these systems comprise the internal security providers:

Features and options can be disabled using these two systems, however they are mutually exclusive and have a significantly different implementation details.

TWIG's Internal Security Provider can be configured through config.inc.php3's $config["security"] setting.

7.1 Basic

The basic provider is similar to TWIG 1's system by using a series of $disabled[] configuration settings, this disables a given feature for all uses of the installation of TWIG.  Please see TWIG's Feature Modules for more details on the various $disabled[] values that can be set.

7.2 Advanced

The advanced provider is a radical departure from TWIG 1's system, instead of using static configurations for each setting, advanced used an Access Control List (ACL) system that allows for features to be activated or disabled for single users or groups of users.

Unlike basic, advanced requires some extra setup:

  • Make sure the SQL tables twig_acls and twig_acl_groups are setup in your SQL server
  • Edit the file setup/advanced.acl.population and replace <admin user> with the name of the administrator of the TWIG system
  • Use the above file to add the data to your SQL server (this is usually accomplished in a similar way to how you created the TWIG tables).

Note: the setup/advanced.acl.population file populates the ACL database such that the TWIGAdministrators group has administrative access to all aspects of TWIG, and the group Everyone has standard access to all the features in TWIG.  You can change this later through the administrative feature of TWIG.

Once this is accomplished, log on to TWIG as the administrative user you selected.  In the main screen under options you should now have an administration option.  From the administrative option you can further configure access to the various features of TWIG.

By default all new users of the system will be added to the Everyone group. The system admin can define what groups to add new users to by editing the file config/newusergroups.inc.php3 and following the format contained within.

The advanced system does not support the use of $disabled[] except in a few very specific items, they are as follows:

  • $disabled["global_autoaccounts"]

The advanced security system does not support these options due to the fact that these occur prior to the required code being loaded to support the security functions.

 

Return to Table of Contents Return to Top