Access Control is more difficult in a corporate wiki than in a public wiki. By its very nature, you might expect to find privilidged corporate information, trade secrets, and information bound by internal and external non-disclosure agreements.
As an example, my company works on civil and military aviation simulators. Most information on the wiki is privilidged, meaning that our competators may get an advantage if they read, for instance, the notes from a bids and proposals meeting. Sometimes we work with another company, such as Boeing, which may provide aircraft data under a non-disclosure agreement, and only those individuals who sign the agreement should have access to that data. Some information is export-controlled, meaning that it is a violation of U.S. law to let a foriegn person see that information. However, sometimes we get exceptions for certain foriegn nationals, who then have access to certain bits of information.
As you can imagine, ACLs don't quite cover our needs. Groups, new page templates, and carefully constructed ACL statements do the trick, but it is hard enough to get people to use wiki, much less get them to learn the details of the ACL syntax and algorithm.
Some features that would be nice:
- Better support for the group concept. I'd like to make a group of local U.S. citizens, local non-U.S. citizens, and then a local employees group that is the union of those two, without having to enter each name manually.
- This is aready possible. Groups may be member of other groups. Only the handling of the meta groups (All, Known, Trusted) does not work yet.
- Better auditing features. For instance, I'd like to set up a test user, a local employee who is not a U.S. citizen, and have a script tell me all the pages that person has access to. I'd like to be able to confirm, one by one, that the access rights are appropriate, and then have the script inform me when something changes (i.e., a new page is added with liberal access rights).
The functionality you are looking for is TitleIndex.
- To get informed from changes you can subscribe to all pages. But right now it is not possible to filter for new pages only and especially not for pages getting visible.
- ACL wizards, that would allow me to select rights by the availible groups and construct an appropriate ACL statement, and possibly see the effects on some test cases (for instance, would I be able to still read the page after my ACL change!). This might be done in a pop-up form, that gives me an ACL statement to cut and paste into the edit window.
Cross-project ACLs, so that a WikiFarm gathers user data from a global location.
I would see this as part of the sub wiki/wiki farm feature not as a ACL problem. -- FlorianFesti 2005-03-23 08:23:34
You could make an ACL group for each project, giving each person as many rights as they need to see corporate and project pages. With strict ACLs, the wiki becomes customized to that person, reducing the need for project-specific wikis (except for the name collisions).