![(please configure the [header_logo] section in trac.ini)](/p/clust/chrome/site/your_project_logo.png){kind=logo}
Changes between Version 2 and Version 3 of TracPermissions
- Timestamp:
- Oct 29, 2015, 1:00:54 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracPermissions
v2 v3 14 14 ''This feature is new in version 0.11.'' 15 15 16 To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_ ADD`, `PERMISSION_REMOVE`. The permissions cangranted using the `trac-admin` command (more on `trac-admin` below):16 To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below): 17 17 {{{ 18 18 $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN … … 26 26 27 27 An easy way to quickly secure a new Trac install is to run the above command on the anonymous user, install the [http://trac-hacks.org/wiki/AccountManagerPlugin AccountManagerPlugin], create a new admin account graphically and then remove the TRAC_ADMIN permission from the anonymous user. 28 29 From the graphical admin tab, users with `PERMISSION_GRANT` will only be allowed to grant permissions that they possess, and users with `PERMISSION_REVOKE` will only be allowed to revoke permissions that they possess. For example, a user cannot grant `MILESTONE_ADMIN` unless they have `PERMISSION_GRANT` and `MILESTONE_ADMIN`, and they cannot revoke `MILESTONE_ADMIN` unless they have `PERMISSION_REVOKE` and `MILESTONE_ADMIN`. `PERMISSION_ADMIN` just grants the user both `PERMISSION_GRANT` and `PERMISSION_REVOKE`, and users with `TRAC_ADMIN` can grant or revoke any permission. 28 30 29 31 == Available Privileges == … … 50 52 || `TICKET_EDIT_DESCRIPTION` || Modify description field || 51 53 || `TICKET_EDIT_COMMENT` || Modify comments || 54 || `TICKET_BATCH_MODIFY` || [wiki:TracBatchModify Batch modify] tickets || 52 55 || `TICKET_ADMIN` || All `TICKET_*` permissions, plus the deletion of ticket attachments and modification of the reporter and description fields. It also allows managing ticket properties in the WebAdmin panel. || 53 56 … … 97 100 == Creating New Privileges == 98 101 99 To create custom permissions, for example to be used in a custom workflow, enable the optional [trac:ExtraPermissionsProvider tracopt.perm.config_perm_provider.ExtraPermissionsProvider] component in the "Plugins" admin panel, and add the desired permissions to the `[extra-permissions]` section in your [wiki:TracIni#extra-permissions-section trac.ini]. For more information, please refer to the documentation of the component in the admin panel.102 To create custom permissions, for example to be used in a custom workflow, enable the optional [trac:ExtraPermissionsProvider tracopt.perm.config_perm_provider.ExtraPermissionsProvider] component in the "Plugins" admin panel, and add the desired permissions to the `[extra-permissions]` section in your [wiki:TracIni#extra-permissions-section trac.ini]. For more information, please refer to the documentation on the [wiki:TracIni#extra-permissions-section TracIni] page after enabling the component. 100 103 101 104 == Granting Privileges ==
