Last modified: 2010-05-15 15:33:00 UTC
I'm hoping to get some attention onto this so that it'll get into the 1.5.x
branch. The current user permissions setup is completely lacking in mediawiki.
There is some kind of permission settings for users in MediaWiki, but I've been
unable to find decent documentation for it. Looking at the db directly, there
is only a blob describing permissions. This is inadequate.
I propose a modified version of the permission/groups scheme I designed for the
Scoop weblog software. In this case, every use is a member of a group (even
anonymous people). Each group has a set of permission bits, which can be Y, N,
or empty. Empty means check the value of the default group (which no-one is
read: y, write: y, delete: n
read: , write: , delete:
read: , write: , delete: y
read: , write:, delete: y
This allows you to define sets of groups which have finely-grained permission
settings (such as an intermediate editors class, or a class of users which can
delete pages permanently) without allowing people complete Wiki control.
Additionally, you can setup the pages to allow only certain groups to read/write
them. This is beneficial for corporate environments, where the completely-open
nature of the wikis could lead to issues, as well as when wikis are used for
Another great benefit of this setup is that you can edit the permission bits for
a group via something like phpMyAdmin, or raw sql statements. When you extend
the permission bit set during future branches, you can set a default "safe"
value, and allow the admins of the sites to put in their own values on the extra
I don't think a BLOB is an acceptable method of encoding user permissions,
especially if mediaWiki is to work well and play with other SQL-aware web
applications on the server.
Already implemented in 1.5 months ago.